Squid3 Samba3 PDC Authentication via LDAP -- help

Etienne Pretorius <etiennep@xxxxxxxxxxxxxx> · Wed, 13 Jun 2007 17:11:27 +0200

Hello List,

I have a slight problem. I need to squid to authenticate against a samba 
PDC with an LDAP backend. I would like it to do the Authentication 
without the help of SAMBA and to get the password right out of the LDAP 
server and unhash.

Would this be the helper I am looking for (squid3):

Usage: digest_pw_auth(LDAP_backend) -b basedn -f filter [options] 
ldap_server_name

       -A password attribute(REQUIRED)         User attribute that 
contains the password
       -l password realm delimiter(REQUIRED)   Charater(s) that devides 
the password attribute
                                               in realm and password 
tokens, default ':' realm:password
       -b basedn (REQUIRED)                    base dn under where to 
search for users
       -e Encrypted passwords(REQUIRED)        Password are stored 
encrypted using HHA1
       -F filter                               user search filter 
pattern. %s = login
       -u attribute                            attribute to use in 
combination with the basedn to create the user DN
       -s base|one|sub                         search scope
       -D binddn                               DN to bind as to perform 
searches
       -w bindpasswd                           password for binddn
       -W secretfile                           read password for binddn 
from file secretfile
       -H URI                                  LDAPURI (defaults to 
ldap://localhost)
       -h server                               LDAP server (defaults to 
localhost)
       -p port                                 LDAP server port 
(defaults to 389)
       -P                                      persistent LDAP connection
       -c timeout                              connect timeout
       -t timelimit                            search time limit
       -R                                      do not follow referrals
       -a never|always|search|find             when to dereference aliases
       -v 2|3                                  LDAP version
       -Z                                      TLS encrypt the LDAP 
connection, requires
                               LDAP version 3
       -S                                      Strip NT domain from 
usernames

       If you need to bind as a user to perform searches then use the
       -D binddn -w bindpasswd or -D binddn -W secretfile options

And could someone please provide me with an example of its usage.... as 
I am having no luck here testing it.

[root@xxxxx:/usr/lib/squid3] ./digest_ldap_auth -R -b 
"ou=People,dc=domain,dc=co,dc=za" -u "uid" -A sambaNTPassword  -h 
ldap_server
etiennep 83152D7BEBBCA0BF0E5E170005097A69
ERR

[root@xxxxx:/usr/lib/squid3] ./digest_ldap_auth -R -b 
"ou=People,dc=domain,dc=co,dc=za" -u "uid" -A sambaNTPassword  -h 
ldap_server
CPT-OFFICE\etiennep 83152D7BEBBCA0BF0E5E170005097A69
ERR

Oh, btw anonymous binds are allowed for searches only... this will 
change once it is working. Also the firewall is not interfering and the 
connection is not secured, as this is within a testing environment.

Any help with this will be much appreciated.
--

Kind Regards

Etienne Pretorius