Hello List,
I have a slight problem. I need to squid to authenticate against a samba
PDC with an LDAP backend. I would like it to do the Authentication
without the help of SAMBA and to get the password right out of the LDAP
server and unhash.
Would this be the helper I am looking for (squid3):
Usage: digest_pw_auth(LDAP_backend) -b basedn -f filter [options]
ldap_server_name
-A password attribute(REQUIRED) User attribute that
contains the password
-l password realm delimiter(REQUIRED) Charater(s) that devides
the password attribute
in realm and password
tokens, default ':' realm:password
-b basedn (REQUIRED) base dn under where to
search for users
-e Encrypted passwords(REQUIRED) Password are stored
encrypted using HHA1
-F filter user search filter
pattern. %s = login
-u attribute attribute to use in
combination with the basedn to create the user DN
-s base|one|sub search scope
-D binddn DN to bind as to perform
searches
-w bindpasswd password for binddn
-W secretfile read password for binddn
from file secretfile
-H URI LDAPURI (defaults to
ldap://localhost)
-h server LDAP server (defaults to
localhost)
-p port LDAP server port
(defaults to 389)
-P persistent LDAP connection
-c timeout connect timeout
-t timelimit search time limit
-R do not follow referrals
-a never|always|search|find when to dereference aliases
-v 2|3 LDAP version
-Z TLS encrypt the LDAP
connection, requires
LDAP version 3
-S Strip NT domain from
usernames
If you need to bind as a user to perform searches then use the
-D binddn -w bindpasswd or -D binddn -W secretfile options
And could someone please provide me with an example of its usage.... as
I am having no luck here testing it.
[root@xxxxx:/usr/lib/squid3] ./digest_ldap_auth -R -b
"ou=People,dc=domain,dc=co,dc=za" -u "uid" -A sambaNTPassword -h
ldap_server
etiennep 83152D7BEBBCA0BF0E5E170005097A69
ERR
[root@xxxxx:/usr/lib/squid3] ./digest_ldap_auth -R -b
"ou=People,dc=domain,dc=co,dc=za" -u "uid" -A sambaNTPassword -h
ldap_server
CPT-OFFICE\etiennep 83152D7BEBBCA0BF0E5E170005097A69
ERR
Oh, btw anonymous binds are allowed for searches only... this will
change once it is working. Also the firewall is not interfering and the
connection is not secured, as this is within a testing environment.
Any help with this will be much appreciated.
--
Kind Regards
Etienne Pretorius