[pubcookie-users] Pubcookie and Windows 2003 AD

Michael Miller mmiller at sungardcollegis.com
Mon Jun 6 12:43:37 PDT 2005


My bad... It helps to copy the newly built index.cgi to the web
directory. I had made the wrong assumption that only the keyserver code
would change.

The LDAP authorization is still failing but I suspect I need to look at
the query string. How does Pubcookie verify the password against the
LDAP server? I understand the LDAP x- extensions but those are meant to
be static, correct? Pubcookie doesn't replace them with the username and
password that is passed in?

Thanks!

Michael

-----Original Message-----
From: Nathan Dors [mailto:dors at cac.washington.edu] 
Sent: Monday, June 06, 2005 2:30 PM
To: Michael Miller
Cc: pubcookie-users at u.washington.edu
Subject: Re: [pubcookie-users] Pubcookie and Windows 2003 AD

Are you saying that the login cgi works when you point the 
ldap_uri in your pubcookie config file to your test LDAP server, 
and that it doesn't work when you change it to point to AD?

More likely, the login cgi wasn't built with the --enable-ldap 
option. Well, perhaps. The "ldap not implemented" message comes 
from code where ENABLE_LDAP isn't defined.

Side answer to the side note: you shouldn't have to change the 
AuthType value. But I'd try to get the login cgi working by itself 
first, before adding any application servers.

-Nathan

On Mon, 6 Jun 2005, Michael Miller wrote:

>
> I've been trying to get the pubcookie ldap basic verifier working with
> Windows 2003 Active Directory. The error message that I receive is
> "login failed for mmiller: ldap not implemented." My OpenLDAP test
> search works fine, see below. I have made sure that openldap,
> openldap-devel, openldap-clients are all installed on the machine. The
> keyserver is running as the root user so I assume that there are no
> file permission issues.
>
> As a side note... does the AuthType value on the ISAPI filter need to
> now change to ldap? What effect does the setting have on the system?
>
> I have included the config and log files below.
>
> Any ideas are greatly appreciated. Thanks again for the support!
>
> Michael
>
>
>
>
> /usr/local/pubcookie/config
> Basic_verifier: ldap
> Ldap_uri: ldap://My-DC.collegis.com:389/cn=users,dc=collegis,dc=com??sub?(sAMAccountName=%s)?x-BindDN=MyUser,x-Password=MyPassword
>
>
>
> OpenLDAP Test Search
> ldapsearch -H ldap://orldc-dom.collegis.com/ -x 	\
> 		-D MyUser at collegis.com -W 			\
> 		-b cn=Users,dc=collegis,dc=com 		\
> 		-s sub "sAMAccountName=mmiller"
>
>
>
> /var/log/secure
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: libpbc_pubcookie_init
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: libpbc_augment_rand_state: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Sufficient Randomness: nothing to do.
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: security_init: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: make_crypt_keyfile: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: make_crypt_keyfile: goodbye
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: security_init: goodbye
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: can't open ok browsers file: /usr/local/pubcookie/ok_browsers, continuing
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: cgiMain() Hello (0)
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: cgiMain() done initializing...
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Pragma: No-Cache
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Cache-Control: no-store, no-cache, must-revalidate
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Expires: Sat, 1 Jan 2000 01:01:01 GMT
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Content-Type: text/html
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: no post_stuff
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: load_login_rec: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: load_login_rec: bye
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from login user: mmiller
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from login version: a5
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from login creds: 1
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from login appid: pinit
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from login host: loginsvr.collegis.com
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from login appsrvid: loginsvr.collegis.com
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from login first_kiss: 162963456
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from login post_stuff:
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_query: from login relay_uri: null
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: verify_unload_login_cookie: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_cookie: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_cookie: no cookies, bailing.
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: 1118068410-584214 Visit from user: mmiller client addr: 172.16.5.100 app host: loginsvr.collegis.com appid: pinit uri: /index.cgi relay: (null) because: PInit
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: check_logout: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: check_logout: program name: /index.cgi
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: check_logout: bye
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: cookie_test: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: cgiMain: checked user_agent, logout, and pinit.
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: vector_request: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: init_basic: using ldap verifier
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: check_l_cookie: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: verify_unload_login_cookie: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_cookie: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_cookie: no cookies, bailing.
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: process_basic: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: process_basic: create=-1,  reauth=0
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: process_basic: create=1118068410
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: flavor_basic: login failed for mmiller: ldap not implemented
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: flavor_basic: (null): ldap not implemented
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: print_login_page: hello reason: 1
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: flb_get_reason_html: hello reason: 1
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: ntmpl_sub_template: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: ntmpl_sub_template: goodbye: <p>Authentication Failed</p>
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: flb_get_reason_html: bye return: 1
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: ntmpl_sub_template: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: ntmpl_sub_template: goodbye: <INPUT TYPE="text" NAME="user" SIZE="20" VALUE="">
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: flb_get_user_field: goodbye: <INPUT TYPE="text" NAME="user" SIZE="20" VALUE="">
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: get_kiosk_duration: agent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50215), ip=172.16.5.100
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Not a kiosk
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: ntmpl_print_html: hello
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: ntmpl_print_html: goodbye
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]:
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: print_login_page: goodbye: 1
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: process_basic: login in progress, goodbye
> Jun  6 10:33:41 loginsvr pubcookie login server[2959]: Done.. c=1, max=100
>
>
>
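
Added example, not part of the original thread and not Pubcookie's own code: it splits the Ldap_uri value quoted above into its RFC 4516 fields and applies RFC 4515 escaping to a login name placed into the `%s` slot. That `%s` is replaced with the submitted username is an assumption the thread does not confirm, and the function names are hypothetical.

```python
# Constructed from the Ldap_uri quoted in the thread (placeholder credentials).
LDAP_URI = ("ldap://My-DC.collegis.com:389/cn=users,dc=collegis,dc=com"
            "??sub?(sAMAccountName=%s)?x-BindDN=MyUser,x-Password=MyPassword")


def parse_ldap_url(url):
    """Split scheme://host:port/dn?attrs?scope?filter?extensions (RFC 4516).

    Percent-decoding is skipped on purpose: the filter carries a literal %s.
    """
    scheme, rest = url.split("://", 1)
    host, _, tail = rest.partition("/")
    # Missing trailing fields are allowed, so pad to five before unpacking.
    base, attrs, scope, flt, exts = (tail.split("?", 4) + [""] * 4)[:5]
    extensions = dict(e.partition("=")[::2] for e in exts.split(",") if e)
    return {"scheme": scheme, "host": host, "base": base,
            "attrs": [a for a in attrs.split(",") if a],
            "scope": scope or "base", "filter": flt, "extensions": extensions}


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(template, username):
    """Assumed substitution: the escaped login name replaces %s in the filter."""
    return template.replace("%s", escape_filter_value(username))


def review(cfg):
    """Return configuration findings a reviewer would raise for this URI."""
    findings = []
    if cfg["scheme"] == "ldap":
        findings.append("cleartext ldap:// transport; bind credentials cross the wire unencrypted")
    if any(k.lower() == "x-password" for k in cfg["extensions"]):
        findings.append("static bind password stored in the config file; restrict file permissions")
    return findings


if __name__ == "__main__":
    cfg = parse_ldap_url(LDAP_URI)
    print(cfg)
    print(build_filter(cfg["filter"], "mmiller"))
    print(build_filter(cfg["filter"], "m*ller"))   # wildcard is neutralised
    for finding in review(cfg):
        print("finding:", finding)
```
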

