Mailing List CGatePro@mail.stalker.com Message #92406
From: Andy Kunkle <akunkle@aimengr.com>
Subject: authLDAPNew2.pl with AD
Date: Thu, 30 Aug 2007 14:28:33 -0400
To: 'CommuniGate Pro Discussions' <CGatePro@mail.stalker.com>
X-Mailer: Microsoft Office Outlook 12.0
Hello All,

I'm trying to get things figured out with authenticating against my AD
server (Windows 2003 SP2) for users who are out of my office. As it stands
now I'm able to authenticate locally and over the VPNs using Kerberos. This
is not the case for web-users, and obviously, Pronto! My main concern is
that the password be encrypted and secure.

I downloaded the new authLDAPNew2.pl script and added it as an external
authenticator. I disabled the internal CGP password for the user and then
try to log in.

Here's the error I'm getting in the logs:

14:22:29.722 5 XIMSS new VStream created, n=1
14:22:29.722 5 XIMSS stream thread started
14:22:29.722 4 XIMSSI-000004([192.168.0.132]) got connection on [192.168.0.30]:8100(mail.aimengr.com) from [192.168.0.132]:2942
14:22:29.722 5 XIMSSI-000004([192.168.0.132]) inp(9): <XIMSS/>\000
14:22:29.722 5 XIMSSI-000004([192.168.0.132]) out: <XIMSS domain="mail.aimengr.com" server="CommuniGate Pro" version="5.1.12"/>\000
14:22:29.723 5 XIMSSI-000004([192.168.0.132]) inp(35): <login id="L1" method="CRAM-MD5"/>\000
14:22:29.723 5 XIMSSI-000004([192.168.0.132]) SASL-0(CRAM-MD5) out: <4.1188498149@mail.aimengr.com>
14:22:29.723 5 XIMSSI-000004([192.168.0.132]) out: <challenge value="PDQuMTE4ODQ5ODE0OUBtYWlsLmFpbWVuZ3IuY29tPg=="/>\000
14:22:29.886 5 XIMSSI-000004([192.168.0.132]) inp(101): <auth id="L1" value="YWt1bmtsZUBtYWlsLmFpbWVuZ3IuY29tIGI5ZWNlN2U2ZmNjNjBlZjkzMmQ1MWQ0MjRiNmFiZmQz"/>\000
14:22:29.886 5 XIMSSI-000004([192.168.0.132]) SASL-0(CRAM-MD5) inp: akunkle@mail.aimengr.com b9ece7e6fcc60ef932d51d424b6abfd3
14:22:29.887 1 EXTAUTH failed: SASL(CRAM-MD5) (XIMSS) akunkle@mail.aimengr.com b9ece7e6fcc60ef932d51d424b6abfd3 "<4.1188498149@mail.aimengr.com>" [192.168.0.132]. Error Code=external helper output closed
14:22:29.887 1 EXTAUTH akunkle@mail.aimengr.com(XIMSS) password verification failed. Error Code=external helper output closed
14:22:29.887 1 ACCOUNT(akunkle) login(XIMSS) from [192.168.0.132] failed. Error Code=incorrect password
14:22:31.890 5 XIMSSI-000004([192.168.0.132]) out: <response id="L1" errorText="incorrect password or account name" errorNum="515"/>\000
14:22:31.890 4 XIMSSI-000004([192.168.0.132]) closing connection
14:22:31.890 4 XIMSSI-000004([192.168.0.132]) releasing stream

So I'm thinking it has something to do with the configuration of the
authLDAPNew2.pl script. Here's the section I'm most lost with and I'm sure
it's wrong. Anyone have any idea of how it should look when talking to an AD
server?

I set up a user in the root of AD named cgatebind and that's the one I was
going to use with this script.

my @ldap_servers=(  # you can specify multiple LDAP servers here
{ address=>'192.168.0.25',     # the address or IP of LDAP server
  port=>389,                # LDAP port, 389 by default
  timeout=>5,               # timeout in seconds, 20 by default
  adminDN=>'cn=cgatebind,dc=aimengr,dc=com',  # the DN for admin bind
  adminPassword=>'xxxxxxx',
  searchBase=>'dc=aimengr,dc=com',  # search base for NEW and SASL commands
  searchFilter=>'(&(uid=cgatebind)(objectclass=*))',
  bindDN=>'cn=cgatebind,dc=aimengr,dc=com', # the account DN for direct bind for VRFY command
},
);

Any ideas would be greatly appreciated. I feel like this is the last piece
to the puzzle. Once I have this working, I can really think about moving
forward with the purchase of CGPro.


Andy Kunkle
IT Administrator
AIM Engineering & Surveying, Inc.
5300 Lee Blvd
Lehigh Acres, FL 33971
239-332-4569
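
The CRAM-MD5 exchange from the XIMSS log above, reproduced as an added example (not part of the original message and not code from authLDAPNew2.pl). The challenge is the one in the log; the password, the account name user@example.test and all function names are constructed for illustration. It shows that the verifier recomputes an HMAC keyed with the account's password, so whatever checks a CRAM-MD5 login must hold that secret itself: the client never sends the password, so there is nothing to pass on to an LDAP bind.

```python
import base64
import hashlib
import hmac
import re

# Challenge copied from the log above; password and response are constructed.
LOG_CHALLENGE_B64 = "PDQuMTE4ODQ5ODE0OUBtYWlsLmFpbWVuZ3IuY29tPg=="
CONSTRUCTED_PASSWORD = b"constructed-example-password"


def decode_challenge(challenge_b64: str) -> bytes:
    """The <challenge value="..."> attribute is the base64 of a message-id."""
    return base64.b64decode(challenge_b64, validate=True)


def cram_md5_digest(password: bytes, challenge: bytes) -> str:
    """RFC 2195: the digest is HMAC-MD5 over the challenge, keyed with the password."""
    return hmac.new(password, challenge, hashlib.md5).hexdigest()


def client_response(user: str, password: bytes, challenge_b64: str) -> str:
    """What a client places in <auth value="...">: base64("user hexdigest")."""
    digest = cram_md5_digest(password, decode_challenge(challenge_b64))
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def parse_response(auth_b64: str):
    """Return (user, digest) from an auth value, or None if it is malformed."""
    try:
        text = base64.b64decode(auth_b64, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    m = re.fullmatch(r"(.+) ([0-9a-f]{32})", text)
    return (m.group(1), m.group(2)) if m else None


def verify(auth_b64: str, challenge_b64: str, stored_password: bytes) -> bool:
    """Verifier side: only possible when the stored secret itself is available."""
    parsed = parse_response(auth_b64)
    if parsed is None:
        return False
    expected = cram_md5_digest(stored_password, decode_challenge(challenge_b64))
    return hmac.compare_digest(expected, parsed[1])


if __name__ == "__main__":
    print(decode_challenge(LOG_CHALLENGE_B64).decode())
    resp = client_response("user@example.test", CONSTRUCTED_PASSWORD, LOG_CHALLENGE_B64)
    print(parse_response(resp), verify(resp, LOG_CHALLENGE_B64, CONSTRUCTED_PASSWORD))
```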



