[NoCat] LDAP and NoCat, nearly working..
Jesper Haggren, Zolid
jeha at zolid.dk
Mon May 22 06:35:29 PDT 2006
Hi NoCat list,
I have a working NoCatAuth setup running with "DataSource = Passwd" -
the last thing I would like to get working is for nocat to use my
existing Windows 2003 Server Active Directory for the authorization part.
I tried both with nocat 0.82 and with the ACTARES-fork. Both
auth-servers are still running. Here is my scenario:
I have a nocat-gateway called gw-srv1:
ETH0, 172.16.1.1: (running DHCP, DNS and so on).
ETH1, 192.168.1.3
Then I have 2 Auth-servers (one with 0.82 and one with the
ACTARES-fork). Currently I use the one with the ACTARES-fork:
ath-srv1, ETH0 192.168.1.4 (ACTARES-fork)
ath-srv2, ETH0 192.168.1.5 (0.82)
Both work fine in DataSource=Passwd mode.
Then I have my Windows 2003 Domain controller, fil-srv2 (fil-srv2.sgu.dom):
ETH0, 192.168.1.11 (windows AD).
-----------
The only thing I want is for the AUTH-server to be able to validate a
wireless-user by looking at my Windows AD-server. All users who are
allowed to access the Internet from the wireless network are located in
an OU called "sguPublicUsers".
I have no use for manipulating users/data through the nocat-admintool.
All user-setup will be done on the Windows server.
I can't get this to work, and the main problem is in fact that I have no
log-file telling me what is wrong - when a user called "ji" tries to
log on using his email address (as described in the nocat.conf), which is
ji at sgu.dom (my AD domain is called sgu.dom), the nocat gateway returns:
"That email address is unknown. Please try again".
All packages should be in place (Net::LDAP and IO::Socket::SSL and so
on..). My authserver nocat.conf file is located below.
Thanks in advance!
Jesper Haggren
Partner, System Developer
Zolid
---------------------
Bjergbygade 1A
DK-4200 Slagelse
Tele +45 70 20 91 13
Mobil +45 61 33 08 49
E-mail: jeha at zolid.dk
www: http://zolid.dk
------------
###### BEGIN "nocat.conf" (NOCAT-AUTHSERVER)
###### GENERAL SETTINGS ######
Verbosity 8
GatewayLog /usr/local/nocat/nocat.log
##############################
###### AUTHSERVER SETTINGS ######
HomePage http://nocat.slagelse-gym.dk
DocumentRoot /usr/local/nocat/htdocs
#################################
###### AUTHENTICATION SETTINGS ######
###### ( LDAP requires Net::LDAP and IO::Socket::SSL ) ######
DataSource LDAP
UserFile /usr/local/nocat/etc/passwd
GroupUserFile /usr/local/nocat/etc/group
GroupAdminFile /usr/local/nocat/etc/groupadm
# DataSource LDAP
# LDAP_Host - Hostname or IP Address of LDAP directory
# LDAP_Base - LDAP container for searching and creating users
# LDAP_Admin_User - Fully distinguished name of administrative user
# (*MUST* be able to create users in specified container)
# LDAP_Admin_PW - Administrator user's password
# LDAP_Hash_Passwords - Whether passwords are to be MD5 hashed by NOCAT
# LDAP_Filter - Attribute name containing user's ID (emailAddress)
# LDAP_PasswdField - Attribute name containing user's password
# LDAP_StampField - Attribute name containing user's creation timestamp
# LDAP_ModifyField - Attribute name containing user's modification timestamp
# LDAP_CNField - Attribute name containing user's common name
# (which typically is the first part of the user's emailAddress)
# NOTE: This attribute is NOT really useful and *SHOULD* be removed later...
# LDAP_NetGroupsField - *MULTI-VALUED* attribute name containing the
# network groups the user belongs to
# LDAP_GroupIDField - Attribute name containing a network group's name
# LDAP_GroupAdminField - Attribute name containing a network group's
# administratorID (emailAddress)
# LDAP_nocatUser_OC - NOCAT user's objectclass (see "nocat.schema")
# LDAP_nocatGroup_OC - NOCAT group's objectclass (see "nocat.schema")
#
# This version of LDAP.pm has been tested against OpenLDAP 2.1.25 (with AES
# encryption patches).
# The login "ID" is the user's email address.
# Everything is stored in the LDAP directory using the "nocat.schema" under "LDAP_Base".
# Nocat USERS are stored as "nocatUser" objectclasses.
# Nocat GROUPS are stored as "nocatGroups" objectclasses.
LDAP_Host fil-srv2.sgu.dom
LDAP_Base ou=sguPublicUsers,dc=sgu,dc=dom
LDAP_Admin_User cn=admin,dc=sgu,dc=dom
LDAP_Admin_PW ******
LDAP_Hash_Passwords No
LDAP_Filter mail
#### ...ONLY CHANGE THE LDAP SETTINGS BELOW IF YOU *REALLY* KNOW WHAT YOU ARE DOING... ####
LDAP_PasswdField userPassword
LDAP_StampField creationDate
LDAP_ModifyField modifyDate
LDAP_CNField cn
LDAP_NetGroupsField networkGroups
LDAP_GroupIDField groupName
LDAP_GroupAdminField groupAdmin
LDAP_nocatUser_OC nocatUser
LDAP_nocatGroup_OC nocatGroup
#####################################
###### USER TABLE SETTINGS ######
# UserTable **SQL-ONLY** is the name of the SQL table containing the user ID data.
# UserIDField Name of INTERNAL NOCAT hashtable index containing user's ID (emailAddress).
# UserPasswdField Name of INTERNAL NOCAT hashtable index containing user's password.
# UserStampField Name of INTERNAL NOCAT hashtable index containing user's creation timestamp.
# UserModifyField Name of INTERNAL NOCAT hashtable index containing user's modification timestamp.
# UserCNField Name of INTERNAL NOCAT hashtable index containing user's commonname (first part of his emailAddress).
# UserNetGroupsField Name of INTERNAL NOCAT hashtable index containing *ARRAY REFERENCE* to network groups a user belongs to.
#### ...ONLY CHANGE THE USERTABLE SETTINGS BELOW IF YOU *REALLY* KNOW WHAT YOU ARE DOING... ####
UserTable member
UserIDField login
UserPasswdField pass
UserStampField created
UserModifyField modified
UserCNField commonname
UserNetGroupsField networkGroups
#################################
###### GROUP TABLE SETTINGS ######
# GroupTable **SQL-ONLY** is the name of the SQL table containing the group ID data.
# GroupIDField Name of INTERNAL NOCAT hashtable index containing group ID (group name).
# GroupAdminField Name of INTERNAL NOCAT hashtable index containing group administrator's ID (emailAddress).
#### ...ONLY CHANGE THE GROUPTABLE SETTINGS BELOW IF YOU *REALLY* KNOW WHAT YOU ARE DOING... ####
GroupTable network
GroupIDField network
GroupAdminField admin
##################################
######### WEB APPLICATION SETTINGS ######
MinPasswdLength 6
######################################
###### GPG SETTINGS ######
#PGPKeyPath /usr/local/nocat/pgp
#GpgPath /usr/local/bin/gpg
#MessageSign $GpgPath --clearsign --homedir=$PGPKeyPath -o-
##########################
###### NETWORK SETTINGS ######
###### (Net::Netmask is required) ######
#LocalGateway wifigate.company.lan
#LocalNetwork 172.16.10.0/24
#LocalGateway 192.168.1.3
##############################
###### TEMPLATE NAMES ######
LoginForm login-no-skip.html
LoginOKForm login_ok.html
FatalForm fatal.html
ExpiredForm expired.html
RenewForm renew.html
PassiveRenewForm renew_pasv.html
RegisterForm register.html
RegisterOKForm register_ok.html
RegisterFields name url description
UpdateForm update.html
UpdateFields url description
############################
###### USER MESSAGES ######
LoginGreeting Greetings! Welcome to the NOCAT NETWORK.
LoginMissing Please fill in all fields!
LoginBadUser That e-mail address is unknown. Please try again.
LoginBadPass That e-mail and password do not match. Please try again.
LoginBadStatus Sorry, you are not a registered co-op member.
RegisterGreeting Welcome! Please enter the following information to register.
RegisterMissing Name, E-mail, and password fields must be filled in.
RegisterUserExists Sorry, that e-mail address is already taken. Are you already registered?
RegisterBadUser The e-mail address provided appears to be invalid. Did you spell it correctly?
RegisterInvalidPass All passwords must be at least six characters long.
RegisterPassNoMatch The passwords you provided do not match. Please try again.
RegisterSuccess Congratulations, you have successfully registered.
UpdateGreeting Enter your E-mail and password to update your info.
UpdateBadUser That e-mail address is unknown. Please try again.
UpdateBadPass That e-mail and password do not match. Please try again.
UpdateInvalidPass New passwords must be at least six characters long.
UpdatePassNoMatch The new passwords you provided do not match. Please try again.
UpdateSuccess Congratulations, you have successfully updated your account.
###########################
###### END OF "nocat.conf" (NOCAT-AUTHSERVER)
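Since the auth server produces no log line for the failed lookup, the quickest way to see where "that e-mail address is unknown" comes from is to replay the directory steps outside NoCat. The Perl script below is an added diagnostic, not code from the post above or from NoCat's LDAP.pm; it uses the same Net::LDAP module the config requires and takes LDAP_Host, LDAP_Base, LDAP_Admin_User, LDAP_Filter, LDAP_PasswdField and LDAP_nocatUser_OC from the posted nocat.conf. Assumptions of mine: the admin password and a test user's credentials come from environment variables (the variable names are my own), the directory is reached over ldaps:// so no password crosses the wire in clear, and the found entry's DN is used for a simple bind, which Active Directory accepts.

```perl
#!/usr/bin/perl
# Added diagnostic (not NoCat code): replay the lookups an LDAP data source
# must perform, using the LDAP_* values from the posted nocat.conf.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Values taken from the posted nocat.conf.
my $host     = 'ldaps://fil-srv2.sgu.dom';       # LDAP_Host, over TLS (needs IO::Socket::SSL);
                                                  # add verify => 'require', cafile => ... below
                                                  # once the DC's CA certificate is at hand
my $base     = 'ou=sguPublicUsers,dc=sgu,dc=dom'; # LDAP_Base
my $admin_dn = 'cn=admin,dc=sgu,dc=dom';          # LDAP_Admin_User
my $id_attr  = 'mail';                            # LDAP_Filter
my $user_oc  = 'nocatUser';                       # LDAP_nocatUser_OC
my $pw_attr  = 'userPassword';                    # LDAP_PasswdField

# Assumed: secrets and the test account come from the environment.
my $admin_pw = $ENV{NOCAT_LDAP_ADMIN_PW} // die "set NOCAT_LDAP_ADMIN_PW\n";
my $login    = $ENV{NOCAT_TEST_USER}     // 'ji@sgu.dom';
my $login_pw = $ENV{NOCAT_TEST_PW}       // die "set NOCAT_TEST_PW\n";

# 1. Connect and bind with the administrative DN.
my $ldap = Net::LDAP->new($host, version => 3, timeout => 10)
    or die "cannot connect to $host: $@\n";
my $mesg = $ldap->bind($admin_dn, password => $admin_pw);
die "admin bind as $admin_dn failed: " . $mesg->error . "\n" if $mesg->code;
print "admin bind OK\n";

# 2. Look the login ID up under LDAP_Base. The value is escaped so that a
#    crafted e-mail address typed into the login form cannot rewrite the
#    filter (LDAP injection); the attribute name is fixed by the config.
my $filter = sprintf '(%s=%s)', $id_attr, escape_filter_value($login);
$mesg = $ldap->search(
    base   => $base,
    scope  => 'sub',
    filter => $filter,
    attrs  => [ $id_attr, 'objectClass', 'sAMAccountName', $pw_attr ],
);
die "search $filter under $base failed: " . $mesg->error . "\n" if $mesg->code;
printf "search %s under %s: %d entries\n", $filter, $base, $mesg->count;
exit 1 unless $mesg->count;    # the "e-mail address is unknown" case

# 3. Show the entry as a schema-bound data source would see it.
for my $entry ( $mesg->entries ) {
    my @oc = $entry->get_value('objectClass');
    printf "  dn=%s\n  objectClass=%s\n", $entry->dn, join( ',', @oc );
    printf "  has objectClass %s: %s\n", $user_oc,
        ( grep { lc $_ eq lc $user_oc } @oc ) ? 'yes' : 'NO';
    printf "  %s readable: %s\n", $pw_attr,
        defined $entry->get_value($pw_attr) ? 'yes' : 'NO';
}

# 4. The password check that works against AD: bind as the user himself.
my $user_dn = $mesg->entry(0)->dn;
my $ubind   = $ldap->bind( $user_dn, password => $login_pw );
print "user bind as $user_dn: ",
    ( $ubind->code ? 'FAILED: ' . $ubind->error : 'OK' ), "\n";
$ldap->unbind;
```

Run it on the auth server with the Perl and Net::LDAP that NoCat itself uses. If step 1 fails, the bind DN or password in nocat.conf is wrong for the domain controller, which would explain the lookup silently returning nothing. If step 2 returns no entries although the account exists, the base DN or the attribute named in LDAP_Filter does not match where and how the address is stored. If the entry is found but step 3 reports no objectClass nocatUser and no readable userPassword, note that the posted comments say the LDAP data source expects objects from nocat.schema and a password attribute it can read, while Active Directory does not hand passwords back to LDAP readers; in that case only a bind as the user, as in step 4, can prove the password, whatever the data source compares.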