ons 2007-06-13 klockan 17:11 +0200 skrev Etienne Pretorius: > Hello List, > > I have a slight problem. I need to squid to authenticate against a samba > PDC with an LDAP backend. I would like it to do the Authentication > without the help of SAMBA and to get the password right out of the LDAP > server and unhash. Should be doable, but you'll need to implement the hash function to compare the passwords.. unless Samba stores the plaintext password in their password backend.. (which I doubt..) > Would this be the helper I am looking for (squid3): > > Usage: digest_pw_auth(LDAP_backend) -b basedn -f filter [options] > ldap_server_name That helper is for the Digest authentication scheme. Requires either plain-text or Digest realm specific hashed passwords in the backend. > And could someone please provide me with an example of its usage.... as > I am having no luck here testing it. > > [root@xxxxx:/usr/lib/squid3] ./digest_ldap_auth -R -b > "ou=People,dc=domain,dc=co,dc=za" -u "uid" -A sambaNTPassword -h > ldap_server > etiennep 83152D7BEBBCA0BF0E5E170005097A69 > ERR Are you really using 83152D7BEBBCA0BF0E5E170005097A69 as your password? Awfully long string to type.. Also please note that using the -A option retreives that attribute from the LDAP in order to compare with the supplied password. To use this the user squid_ldap_auth binds as must have read access on the attribute. Any password related attributes usually has very strict access controls in most LDAP servers.. What do your user object look like in the LDAP tree? Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
