Software :: LDAP Or NTLM And SQL For Authenication?
Sep 23, 2010
I have a problem I hope someone here can give me some guidance on. I have been looking for ways to do this and so far have come up short. My need is to keep logs of usage of several copiers for billing purposes. The copiers have a built in account code system, with a 999 code limit and will keep the counts, however we have about 12,000 active accounts. Not every account will have usage every month and not every copier needs every account. The last thing I want to have to do is manually update the copier account information every day.
The copiers can authenticate against NTLM (v1 and v2) and "Active Directory" I am told they will happily access LDAP or e-Directory (we are a Novell shop). I dont' want to authenticate users, I want to authenticate "Accounts". I have a MS SQL database that has the "Account information" and my thought was to set up a way to have an LDAP server access the M$ SQL DB (probably a view) to get authentication for the copier to allow the prints and keep the counts. Which I can then import weekly into the accounting system.
So the question is has anyone ever done something like this? Anyone have any idea how best to go about accomplishing this? I guess I could set up an LDAP server separately for the purpose, but it seems I should be able to consolidate things more than that, so that if the account is "Active" it is Authenticated to the copiers If this works well, I will be probably be moving to moving to phone authentication next.
View 3 Replies
ADVERTISEMENT
May 20, 2010
I'm writing some php code and part of it sending an email through smtp server, I used Mail.php from pear but unfortunately I didn't work since the smtp server is using NTLM authentication.Any alternates to Mail.php could solve this problem?
View 1 Replies
View Related
Nov 11, 2010
I'm trying to debug the NTLM LWP module.
I added use LWP:ebug qw(+); to the top of my script, but I can't see any change.
I'm on Windows if that makes a difference (installed activeperl).
I know there are probably a million reasons why something perl won't work, but can anyone help me get debug logging showing up?
View 1 Replies
View Related
Apr 7, 2010
Our IT department have NTLM deployed through the intranet servers.I've set network.automatic-ntlm-auth.trusted-uris value in Firefox on some of the Windows machines and that works fine.However setting it in Firefox on the Linux machines is not working.This doesn't surprise me at all, I've no notion of where Firefox on Linux is supposed to get the authentication details from.So how is this process supposed to work? what bits of config / infrastructure am I missing?
View 1 Replies
View Related
Feb 23, 2010
I want to configure NTLM for my Apache webserver, so that it uses active directory login credentials.
Additional info : my listen port will be 82 (http://xxxx.com:82)
View 1 Replies
View Related
Nov 10, 2010
I'm trying to write a script in Perl to download a file that requires NTLM authentication to access, stored on a machine on this network.The file exists, and can be accessed through a web-browser, btw.
View 1 Replies
View Related
Mar 7, 2010
I have a problem setting up a SSH tunnel. I know how it's usually done, but the setup is different this time. I am behind a HTTP(S) and FTP proxy, that does NTLM authentication, and I want to access a server beyond the proxy.
MY CLIENT <-> LAN <-> HTTP PROXY <-> INTERNET <-> MY SERVER
So far, the best I have achieved is installing and configuring CNTLM as a local proxy for the authentication part. Using CNTLM, I managed to access and mount a secured (https) DAV share using davfs2. In theory, CNTLM should let me setup permanent tunnels from local ports to distant ports, and it does; however these tunnels don't seem to work for SSH nor for IMAP (another protocol I tried).
I suspect the problem is that neither SSH nor IMAP is HTTP- or FTP-based, but anyway it does not work. So back to square one: how should I proceed to get ssh to connect through the HTTP proxy (with NTLM authentication) to the remote server? For that matter, if there's a better way than SSH to create a tunnel, that would work in my situation, that's OK with me. Just in case, here are the relevant parts from my firewall setup on the server:
Code:
# default policies
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT
# reset
iptables -t filter -F INPUT
iptables -t filter -F FORWARD
iptables -t filter -F OUTPUT
# allow continuation of established connections
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -f -j ACCEPT
# allow local connections
iptables -t filter -A INPUT -i lo -j ACCEPT
# open ports:
# ssh
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
Yves.
View 2 Replies
View Related
Nov 11, 2010
I have a squid server currently running with basic authentication. This is a must because we constantly have different people using different machines but the rules must be set per user, not per machine.
We also have a lot of users coming and going. So every time a new user comes to the office I have to manually create a user for him so he can authenticate.
Anyway.. We do not have any windows servers so no Active Directory. But I need some solution to pass the windows login to Squid.
First question: It seems I am using NTLM currently for samba as the person can map their home directories on their windows box withuot authenticating. Why can I not use it for squid?
Second question: Can I make my Centos server into an AD server?
View 1 Replies
View Related
Nov 24, 2008
I have a problem with the NTLM proxy we use in school. YAST proxy configuration won't work, it just says authentication error. We have to login with the user in DOMAINuser style and a password, in Firefox it works.
View 6 Replies
View Related
Mar 13, 2010
i have configured ldapserver on rhel4 for creating address book
following are configuration files on ldap server
/etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
i am able to import this ldif file into database.also when i perform the ldapsearch on this server with command"ldapsearch �x �W �D �cn=manager, dc=example, dc =com� �b �dc=example, dc=com�" i get correct output.
but when i am trying to search from another client machine, i am getting "error ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"
also when i configured address book on mozilla on server., it is working fine.but not working on another machine.is any configuration is missing on client machine.both ldap server and client are configured on rhel4es without any firewall or selinux.
View 3 Replies
View Related
Jul 2, 2010
I took to yast to install ldap. I creating the CA cert, server key and server cert and specified them during the yast ldap server dialogs.
The firewall is open for ldap.
I also went through yast's ldap client ... though I didn't exactly see to anything (presuably it wrote up a configuration file somewhere).
However when trying use the basic ldap tools, like ldapwhoami. Well it doesn't connect and gives me the above error. Of coure the ldap db is unpopulated as yet, so it probably is not able to say who am at all. But ldapadd doesn't work either.
It seems to point to my SSL usage not being correct .. so I'm trying to double check that now.
View 2 Replies
View Related
Apr 5, 2010
i have successful secure ldap replication but i could not make ldap client to direct its authentication to slave ldap
here is my config file on ldap client (i am not sure if it is the right place though)
ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....
View 11 Replies
View Related
Sep 8, 2009
I installed CentOS 5.2 and then run yum update. I configured this server as LDAP/Samba primary domain controller. LDAP seems to be OK and for testing I am able to create users with:smbldap-tools useradd -am usernameI can ssh into the server as root and also as a Linux user which was locally created in the server. But ssh into the server as LDAP user fails (from a Fedora 11 machine) with "Permission denied, please try again", prompting again for password.Some data:
# rpm -qa | grep ldap
python-ldap-2.2.0-2.1
php-ldap-5.1.6-23.2.el5_3
[code]....
View 1 Replies
View Related
May 25, 2011
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
View 1 Replies
View Related
Mar 7, 2011
I have a CentOS 5 box that is a web server. When it generates emails, all emails should go out through our Exchange mail server.I believe our Exchange server requires NTLM authentication:
View 1 Replies
View Related
May 31, 2010
I'm trying to set up a Linux server and I am new to this. I have gone through most of the configuration using SAMBA 3.0 and when I populate the ldap directory all I get this error before the password request:
Then when I perform an ldapsearch to see if the directory is populated I get this message:
I'm positive all my .conf files are done right.
View 3 Replies
View Related
Nov 28, 2008
I'm checking with a sniffer and there's activity going on between the client and the LDAP server... as a matter of fact, the sniffer shows that the search is producing one ldap item, however, php says it can't contact the ldap server (after it has bound and everything):
The script is working beautifully on another host with debian.
View 7 Replies
View Related
Aug 9, 2010
why i can't login on the ldap-client via ldap, so here is a short description of my machines (i use openvz virtualising)I have on the HN (Debian Lenny) 2 VE's, which are in the same subnet (192.168.1.0/24)The first VE (Hostname: ldap1, IP: 192.168.1.91) is the ldap-server, which is so configured, that i can manage the server via phpldapadmin.The second VE (Hostname: ftp1, IP: 192.168.1.31) is the ldap-client, there should run a sftp-server in the future and the sftp-server(ssh-server) should use ldap-usernames to login. on the ftp1, i get with this command getent passwd the users configured on the ldap-server, but with the command id USERNAME the result is, that the user doesn't exist. (USERNAME is this name, i get returned by getent) and if i try to login via ssh, i get permission denied. and because the machines are openvz-virtual-machines, so i can't login on them like on a normal system, but a su USERNAME doesn't work too, because the user is not known on the system.
my installation:
i don't think, that the ldap-server is the problem, because the phpldapadmin and getent on ftp1 are working perfectly, but if you want, i can post the config here too. the VE ftp1 was configured with the following how-to: [URL] and pam is configured like in the chapter "PAM setup with pam_ldap" on [URL]
View 3 Replies
View Related
Dec 2, 2010
I've setup an Ubuntu 10.10 LDAP Client to authenticate off my LDAP server. I've install the following: sudo apt-get install libpam-ldap libnss-ldap nss-updatedb libnss-db nscd ldap-utils pam_ccreds Here's my /etc/nsswitch.conf: passwd: files ldap [NOTFOUND=return] db group: files ldap [NOTFOUND=return] db
[Code]...
View 9 Replies
View Related
Mar 31, 2010
I've compiled openssh-5.4p1 on RHEL 4.8 with Openssl 0.9.8m + pam It works perfect without pam (pam-0.77-66), both with password and public key auth. Whith pam enabled and LDAP (openldap-2.4.21, from scratch) something strange happens: system users: I can do ssh with both password and public key LDAP users: public key works for remote users, still I cannot do ssh with just password. I'm trying a custom PAM configuration, because the default one (even with authconfig + LDAP ) blocks ssh even with system users.
My pam SSHD configuration is:
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth sufficient pam_ldap.so use_first_pass
[code]....
My LDAP users are ok: i can do "su - " remote LDAP (so that nss_ldap is OK), also getent passwd and getent group is ok.
View 2 Replies
View Related
Oct 21, 2010
I have LDAP authentication working via SSSD using authconfig-tui and a few minor modifications to sssd.conf (ie: max_id etc). The problem I am having is it would appear /etc/ldap.conf is being ignored and/or setups that work perfectly on RHEL5, F11 and F12 no longer work on F13. Specifically Im referring to "pam_check_host_attr" and "nss_map_attribute". It refuses to honor either of these options and I can only assume a number of the other options in our ldap.conf. For instance, "nss_map_attribute" is defaulting to the standard "homeDirectory" rather than "homeDirectoryLinux". This is related to a bunch of OSX clients we have and its not optional to use another setup. The host restriction is also a major issue.
Relevant sssd.conf:
[domain/default]
auth_provider = ldap
cache_credentials = True
View 11 Replies
View Related
Jul 13, 2010
can anyone tell me what is the difference between these two files of LDAP client /etc/ldap.conf and /etc/ldap/ldap.conf and for what purposes these two files gives services. Is it necessary to have these two files at a time ?
I use these files to install LDAP client to authenticate with our LDAP server by creating a symbolic link of /etc/ldap.conf to /etc/ldap/ldap.conf.
View 8 Replies
View Related
May 23, 2011
I had a machine that is using ldap, but need to remove it completely.I edited the /etc/nsswitch.conf and removed all references of ldapand renamed /etc/ldap.conf to /etc/ldap.conf.bakI can log in as root, but cannot log in as any user in /etc/passwdIn the /var/log it shows pam_ldap: missing file "/etc/ldap.conf"I am guessing I am missing something else?I never set this machine up for ldap, was here when i got here, so not sure of steps to even put ldap on.
View 2 Replies
View Related
May 31, 2010
we have a weird problem with our opensuse 11.2 server installation.
We want to set up a LDAP Server using the Yast-LDAP Server configuriation tool.
This indeed already worked weeks ago until....this week.
Maybe some updates??!
I do not know what happend exactly. The server just does not want to start again and throws following error:
Starting ldap-serverstartproc: exit status of parent of /usr/lib/openldap/slapd: 1 failed
This happend after a little check of the configuration, but without a change, with Yast. Google delivered only "reinstall your box"-answers.
So.. i did that. And now the "mystical" part: The SAME ERROR occurs with a fresh vanilla system with a brand new and simple configuration (certificats, database, pw...the first Yast config dialog...). I did not change the way i set it up.
I remember, when i did this the first time with 11.2 on that machine, when no problems occured...everything was running out of the box (except the "use commen server certificate" option...).
View 4 Replies
View Related
Sep 28, 2010
Just installed openldap server on a VM CentOS called 'ldapsrv', it works fine, ldapsearch returns all ldap information.
Installed openldap client on another VM CentOS called 'ldapclient1', configured it with most basic configuration, no ssl/tls etc. but ldapsearch returns error:
ldapsrv is pingable:
Some outputs:
PHP Code:
PHP Code:
View 20 Replies
View Related
Jun 29, 2011
I am aware that there is a qmail-ldap package to have ldap back end for qmail. But I need only user authentication for qmail through ldap (not the backend; i.e still keeping Mysql as the database). I am pretty new to mail server configuration. I have just configured a (q)mail server (which is currently my sand box) and am able send and receive emails. I am planning to add ldap authentication (just that) to it. Can anyone point me to the right direction?
View 6 Replies
View Related
Jun 5, 2011
In the past I found some great help on this forum, so here goes. Bare with me because it's a long story. I'll try to be as complete as possible. I've installed and configured OpenLdap on a virtual machine with ip 192.168.39.134. I've added 2 users via LAM. In the ou WikiUsers and the domain is wiki.local.
I've then created another host with ip 192.168.39.133 with mediawiki installed on it. Then I added the extension LDAPAuthenthication. In the LdapAuthentication file I added this code (only the last paragraph is mine, I added the others to show it's location in the script):
Quote:
$path = array( $IP, "$IP/includes", "$IP/languages" );
set_include_path( implode( PATH_SEPARATOR, $path ) . PATH_SEPARATOR . get_include_path() );
[code]...
I know I'm close because I can't register any new users or accounts on the mediawiki site. Although I could before I added the LDAP service. This is indeed all just to test and get to know how LDAP works. That's why it's all virtual in VMWare. I did not really configure anything on the LDAP, i just installed it and chose a domain (wiki.local).
View 5 Replies
View Related
Jan 10, 2009
What is the main difference between these two ? NIS and LDAP ?
View 1 Replies
View Related
Jun 24, 2011
Is it even possible to use LDAP on Ubuntu 11.04? After a full day of googling, every guide I can find is either for another version of Ubuntu or is horribly broken (including the official docs).
View 2 Replies
View Related
Jan 26, 2010
Is there any way to integrate LDAP with DNS? What I mean is if there is any way to ask an LDAP server with the standard LDAP API and the LDAP server reverts to a DNS server if the requested information is not present in the database.
View 2 Replies
View Related
