I am trying to run dual authentication, Active Directory
(squid_ldap_auth) and ncsa_auth. I have adapted another script suggested
by one of the other squid users (D Radel) where these dual auths are
used (using 2 different ADs though). My battle is getting the second
script to check the plain text password file for user name and password.
Below is a section of D Radel's email in response to my origional
query...
"Here is a solution that would work. You could call a custom script from
your squid.conf e.g.
My script goes something like this
#!/bin/sh
# read from stdin until EOF is received
while read INP; do
# Use username and password to authenticate against AD domain number
1
DOMAIN1=`echo $INP | /usr/lib/squid/ldap_auth ....(edited)
# User username and password to authenticate against AD domain
number 2
DOMAIN2=`echo $INP | /usr/lib/squid/ldap_auth ....(edited)
# If username and password is correct for either domain, output "OK"
if [ "$DOMAIN1" == "OK" ]; then
echo "OK"
elif [ "$DOMAIN2" == "OK" ]; then
echo "OK"
else
echo "ERR"
fi
done
The above script authenticates against one domain, and if fails it tries
the other domain. You could modify the second lookup in this script to
check against a plaintext file instead of a 2nd domain. Instead of
calling ldap_auth the 2nd time, call another custom script (call it
plaintext_check.sh or something) that checks the username and password
against a plaintext file and returns OK or ERR accordingly to the first
script (above). Modify above line to call your 2nd script:
DOMAIN2=`echo $INP | /usr/share/custom_scripts/plaintext_check.sh`
Non-standard, but you could get it to work if you can write shell
scripts..
D.Radel."
Regards
Paolo Biancolli
-----Original Message-----
From: Mark Elsen [mailto:mark.elsen@xxxxxxxxx]
Sent: 20 February 2006 06:08 PM
To: Paolo Biancolli
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re: ncsa_auth
> Hi all,
>
> I am trying to write a custom script which in part will use ncsa_auth
> as an authentication method. What I do know is that if I run
> "/usr/local/squid/libexec/ncsa_auth
/usr/local/squid/etc/password_file"
> and then an actual username and password from the password file (from
> the command prompt), I can test to see if the username and password
> are correct.
>
> Could anyone shed some light as to whether I can use the info given in
> the authentication box and use that as input for ncsa_auth in a
script.
> My scripting knowledge is not too great and nor my understanding of
> the intricacies of squid itself.
>
-You seemingly want,to do, what Squid+NCSA_auth will do automatically
for you .. ??
M.
