I am trying to use LDAP to authenticate users to the PORTUS Application
Protection Suite, which is installed on a Red Hat Linux machine. The part
of the configuration file for the proxy which deals with LDAP is:
<Proxy *>
Order deny,allow
AuthLDAPEnabled on
AuthLDAPURL ldap://192.168.1.100:389/dc=mmicmanhomenet,dc=local?CN
AuthLDAPBindDN "CN=worm boy,OU=Windows XP Desktops,DC=mmicmanhomenet,DC=local"
AuthLDAPBindPassword udp_1434_slammer
require valid-user
allow from 192.168.1.96/255.255.255.240
deny from all
</Proxy>
When trying to authenticate, the packet dump error is:
Frame 23 (255 bytes on wire, 255 bytes captured)
Arrival Time: Apr 2, 2004 08:38:33.917970000
Time delta from previous packet: 0.002245000 seconds
Time since reference or first frame: 24.658912000 seconds
Frame Number: 23
Packet Length: 255 bytes
Capture Length: 255 bytes
Ethernet II, Src: 00:04:76:c8:25:db, Dst: 00:04:23:9e:ef:2a
Destination: 00:04:23:9e:ef:2a (portus.mmicmanhomenet.local)
Source: 00:04:76:c8:25:db (192.168.1.100)
Type: IP (0x0800)
Internet Protocol, Src Addr: blowjob.mmicmanhomenet.local (192.168.1.100), Dst Addr: portus.mmicmanhomenet.local (192.168.1.97)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 241
Identification: 0x98f9 (39161)
Flags: 0x04
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdcf7 (correct)
Source: blowjob.mmicmanhomenet.local (192.168.1.100)
Destination: portus.mmicmanhomenet.local (192.168.1.97)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 32772 (32772), Seq: 3382585399, Ack: 3103802586, Len: 189
Source port: ldap (389)
Destination port: 32772 (32772)
Sequence number: 3382585399
Next sequence number: 3382585588
Acknowledgement number: 3103802586
Header length: 32 bytes
Flags: 0x0018 (PSH, ACK)
0... .... = Congestion Window Reduced (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...1 .... = Acknowledgment: Set
.... 1... = Push: Set
.... .0.. = Reset: Not set
.... ..0. = Syn: Not set
.... ...0 = Fin: Not set
Window size: 17381
Checksum: 0x8a3a (correct)
Options: (12 bytes)
NOP
NOP
Time stamp: tsval 10854857, tsecr 24166
Lightweight Directory Access Protocol, Bind Result
Message Id: 1
Message Type: Bind Result (0x01)
Message Length: 174
Response To: 22
Time: 0.002245000 seconds
Result Code: Strong authentication required (0x08)
Matched DN: (null)
Error Message: 00002028: LdapErr: DSID-0C090169, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, vece
Does this mean that my only option for authenticating to a Linux box is via
LDAP SSL? I have a standalone root CA on one of my domain controllers, to
use for eventually authenticating Linux workstations. Could someone tell
me if this is what I need to do, and if so, what the procedure is?
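The Bind Result in frame 23 is the server refusing a simple bind that arrived in the clear on port 389: result code 8 is strongerAuthRequired in LDAP terms, and the Active Directory diagnostic text spells out the policy (signing, or an SSL/TLS session, before a bind is accepted). With a simple bind the AuthLDAPBindPassword value travels unencrypted, which is exactly what that policy exists to stop. The following is an added example, not code from the post or from the PORTUS product: a small standard-library Python decoder for the BER-encoded BindResponse, with a helper that builds a constructed sample shaped like the captured one (message ID 1, result code 8, empty matchedDN, the diagnostic text from the dump) and a function that maps the result code to what has to change on the client side. The tag constants and result codes are from RFC 4511; the sample bytes are constructed here, not taken from the capture.

```python
# Added example: decode an LDAPv3 BindResponse (BER) and explain its result code.
# Tag values and result codes are from RFC 4511; the sample message is constructed.
TAG_SEQUENCE = 0x30
TAG_INTEGER = 0x02
TAG_ENUMERATED = 0x0A
TAG_OCTET_STRING = 0x04
TAG_BIND_RESPONSE = 0x61  # [APPLICATION 1], constructed

# Subset of RFC 4511 result codes that matter when a bind fails.
RESULT_CODES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    13: "confidentialityRequired",
    49: "invalidCredentials",
}


def _ber_length(n: int) -> bytes:
    """BER length: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _ber_length(len(body)) + body


def _ber_int(n: int) -> bytes:
    return n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True)


def build_bind_response(message_id: int, result_code: int, matched_dn: str, diagnostic: str) -> bytes:
    """Encode LDAPMessage { messageID, bindResponse { resultCode, matchedDN, diagnosticMessage } }."""
    op = _tlv(TAG_BIND_RESPONSE,
              _tlv(TAG_ENUMERATED, _ber_int(result_code))
              + _tlv(TAG_OCTET_STRING, matched_dn.encode())
              + _tlv(TAG_OCTET_STRING, diagnostic.encode()))
    return _tlv(TAG_SEQUENCE, _tlv(TAG_INTEGER, _ber_int(message_id)) + op)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]; reject truncation."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def _expect(tag: int, wanted: int) -> None:
    if tag != wanted:
        raise ValueError(f"unexpected tag 0x{tag:02x}, wanted 0x{wanted:02x}")


def parse_bind_response(msg: bytes) -> dict:
    """Decode a BindResponse LDAPMessage into its fields."""
    tag, body, _ = _read_tlv(msg, 0)
    _expect(tag, TAG_SEQUENCE)
    tag, mid, pos = _read_tlv(body, 0)
    _expect(tag, TAG_INTEGER)
    tag, op, _ = _read_tlv(body, pos)
    _expect(tag, TAG_BIND_RESPONSE)
    tag, rc, pos = _read_tlv(op, 0)
    _expect(tag, TAG_ENUMERATED)
    tag, dn, pos = _read_tlv(op, pos)
    _expect(tag, TAG_OCTET_STRING)
    tag, diag, _ = _read_tlv(op, pos)
    _expect(tag, TAG_OCTET_STRING)
    code = int.from_bytes(rc, "big", signed=True)
    return {
        "message_id": int.from_bytes(mid, "big", signed=True),
        "result_code": code,
        "result_name": RESULT_CODES.get(code, f"unknown({code})"),
        "matched_dn": dn.decode(),
        "diagnostic_message": diag.decode(),
    }


def diagnose(result_code: int) -> str:
    """Map a bind result code to what the client configuration has to change."""
    if result_code == 0:
        return "Bind accepted."
    if result_code == 8:
        return ("Server refuses a simple bind in the clear: it wants SASL integrity "
                "(signing) or an SSL/TLS session. Use ldaps:// or StartTLS.")
    if result_code == 13:
        return "Server requires confidentiality: use ldaps:// or StartTLS before binding."
    if result_code == 49:
        return "Bind DN or password rejected; the transport is not the problem."
    return f"Unhandled result code {result_code} ({RESULT_CODES.get(result_code, 'unknown')})."


# Constructed sample mirroring the fields shown in the captured Bind Result.
AD_DIAGNOSTIC = ("00002028: LdapErr: DSID-0C090169, comment: The server requires binds "
                 "to turn on integrity checking if SSL\\TLS are not already active on "
                 "the connection, data 0, vece")
SAMPLE_BIND_RESPONSE = build_bind_response(1, 8, "", AD_DIAGNOSTIC)

if __name__ == "__main__":
    decoded = parse_bind_response(SAMPLE_BIND_RESPONSE)
    print(decoded)
    print(diagnose(decoded["result_code"]))
```

The diagnostic text is long enough that the enclosing elements use long-form BER lengths, so the decoder is exercised on the same shape of message the capture shows. Code 8 (strongerAuthRequired) and code 13 (confidentialityRequired) both point at the transport rather than the credentials; only code 49 means the DN or password itself was rejected. For Apache mod_auth_ldap-style configurations the usual remedy is an ldaps:// URL on port 636 in AuthLDAPURL, with the issuing CA (the standalone root CA mentioned in the question) trusted by the client; whether PORTUS exposes that option, or StartTLS, is something its own documentation has to confirm.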