[general-l] ftp.proxy and ncftp {08}

Fri, 13 Feb 2004 14:53:01 +0100 

It's not wb_auth or wb_group, instead in Samba's bin directory is a perl 
script, wbinfo_group.pl and this is output, with debug on:

Output from wbinfo_group.pl

Command line:  echo "skern CTX-InternetDL" | ./wbinfo_group.pl


Got skern CTX-InternetDL from squid
User:  -skern-
Group: -CTX-InternetDL-
SID:   -S-1-5-21-250813539-49483010-1236795852-1714 2-
GID:   -10010-
Sending OK to squid
OK

And wbinfo -h gives (found in the same directory as wbinfo_group.pl):

Usage: wbinfo -ug | -n name | -sSY sid | -UG uid/gid | -tm | -[aA] user%password
Version: 2.2.7
        -u                      lists all domain users
        -g                      lists all domain groups
        -n name            converts name to sid
        -s sid                 converts sid to name
        -N name            converts NetBIOS name to IP (WINS)
        -I IP                   converts IP address to NetBIOS name (WINS)
        -U uid                converts uid to sid
        -G gid                converts gid to sid
        -S sid                 converts sid to uid
        -Y sid                 converts sid to gid
        -t                        check shared secret
        -m                      list trusted domains
        -r user                get user groups
        -a user%password        authenticate user
        -A user%password        store user and password used by winbindd
                                               (root only)
        -p                      'ping' winbindd to see if it is alive
        --sequence       show sequence numbers of all domains
        --set-auth-user DOMAIN\user%password    set password for restrict 
anonymous

By tweaking the script I should get the results I want.


>>> [EMAIL PROTECTED] 02/10/04 03:18PM >>>
ncftp -u anonymous some.server worked.  Thank you very much for your help.

As to the NTLM authentication.  Squid provides a couple of utilities, (wb_auth 
and wb_group), that provide an interface to NT doamin authentication.  At one 
time I had written a script using wb_group, but I can't seem to find it.  When 
I do, I'll send you a copy.

>>> [EMAIL PROTECTED] 02/09/04 04:45PM >>>
Hello,

>I changed the firewall setting in ncftp's firewall file from 3 to 1.  Now 
>the problem is passing the password, in this case my email address, since 
>I'm going to an anonymous ftp site.  How do I pass the password.  Below is 
>the output from both ftp.proxy and ncftp.

I have absolutely no clue how ncftp works.  But google-ing for a manpage 
tells me that instead of

   ncftp [EMAIL PROTECTED] 

you should use

   ncftp -u anonymous some.server

But I might have found an outdated manpage but this from your debug output

> >>> 09:00:37  Connecting to [EMAIL PROTECTED] via 172.19.11.12...
>09:00:37  Fw: 172.19.11.12  Type: 1  User: skern  Pass: (none)  Port: 21
>09:00:37  FwExceptions: .localdomain,localdomain
>09:00:37  LibNcFTP 3.1.5 (October 13, 2002) compiled for linux-x86
>09:00:37  Uname: Linux|snoopy|2.4.20-28.9|#1 Thu Dec 18 13:45:22 EST 2003|i686
>09:00:37  Glibc: 2.3.2 (stable)
>09:00:37  Logging in...
>09:00:37  220: server ready - login please
> >>> 09:00:37  Connected to [EMAIL PROTECTED]
> >>> 09:00:37  Cmd: USER [EMAIL PROTECTED]@ftp.cse.buffalo.edu 
>09:00:37  331: password required
>09:00:37  Cmd: PASS xxxxxxxx
>09:00:43  530: bad login

also looks like this were the problem.


>My ultimate goal is to set up a ftp proxy for my comapny, that first, 
>verifies the user is a member of a certain NT domain group, then uses the 
>user's NT doamin username and password for authentication to allow the 
>user through the ftp proxy server.  The proxy server is also running squid 
>and I had to write a script to do the same type of authentication.

Ups, this sounds difficult.  How do you plan to do the NTLM authentication?


>I've read all the documentation on your website, except rfc 959 and 2389, 
>but obviously I'm fully comprehending it.  Thank you very much for your help.
>
>debug stuff

Your debug is basically ok, but for this particular case we need 
ftp.proxy's debug output since the regular syslog output doesn't tell much 
about usernames and passwords at this stage.  If you problem persits you 
can put ftp.proxy into debug mode with a

   # ftp.proxy -d -D some.port

then you see all the proxy communication on stderr.


Regards

Wolfgang Zekoll


--general-l------------------------------------
To unsubscribe please visit:
http://www.ftpproxy.org/html/maillinglists.html 


CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is
for the sole use of the intended recipients(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure, or
distribution is prohibited. If you are not the intended recipient(s), please
contact the sender by return e-mail and destroy all copies of the original
message. Thank you.


--general-l------------------------------------
To unsubscribe please visit:
http://www.ftpproxy.org/html/maillinglists.html 


--general-l------------------------------------
To unsubscribe please visit:
http://www.ftpproxy.org/html/maillinglists.html

Reply via email to