Re: [squid-users] Squid3 Samba3 PDC Authentication via LDAP -- help

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 14 Jun 2007 00:08:43 +0200

Wed 2007-06-13 at 17:11 +0200, Etienne Pretorius wrote:
> Hello List,
>
> I have a slight problem. I need squid to authenticate against a samba
> PDC with an LDAP backend. I would like it to do the Authentication
> without the help of SAMBA and to get the password right out of the LDAP
> server and unhash.

Should be doable, but you'll need to implement the hash function to
compare the passwords.. unless Samba stores the plaintext password in
their password backend.. (which I doubt..)

> Would this be the helper I am looking for (squid3):
>
> Usage: digest_pw_auth(LDAP_backend) -b basedn -f filter [options]
> ldap_server_name

That helper is for the Digest authentication scheme. Requires either
plain-text or Digest realm specific hashed passwords in the backend.

> And could someone please provide me with an example of its usage.... as
> I am having no luck here testing it.
>
> [root@xxxxx:/usr/lib/squid3] ./digest_ldap_auth -R -b
> "ou=People,dc=domain,dc=co,dc=za" -u "uid" -A sambaNTPassword -h
> ldap_server
> etiennep 83152D7BEBBCA0BF0E5E170005097A69
> ERR

Are you really using 83152D7BEBBCA0BF0E5E170005097A69 as your password?
Awfully long string to type..

Also please note that using the -A option retrieves that attribute from
the LDAP in order to compare with the supplied password. To use this the
user squid_ldap_auth binds as must have read access on the attribute.
Any password related attributes usually have very strict access controls
in most LDAP servers..

What does your user object look like in the LDAP tree?

Regards
Henrik

Received on Wed Jun 13 2007 - 16:08:54 MDT
