
Re: Squid-Samba Question


 



Hi,

At 19.35 11/12/2005, Mike Diggins wrote:
> Active Directory. So I guess I should change the security parameter to ads?

>>>         password server = as6.ad.McMaster.CA, as7.ad.mcmaster.ca
>>
>> This should never be needed: usually Samba finds the right DC by itself.
>
> Okay, so I can remove this line completely?

Yes, it SHOULD not be needed.

From the smb.conf of my development machine:

        workgroup = ACMECONSULTING
        realm = ACMECONSULTING.LOC
        security = ADS

I don't have any "password server" directive; all operations are done using DNS, and the machine is at a remote site without a DC, connected to my main office by a VPN.

ACMECONSULTING is the NetBIOS name of the domain; ACMECONSULTING.LOC is the Kerberos realm of the domain (= Active Directory domain name).
For more details see:
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member


> No, I don't have that line in my squid config. Are you saying I should have it?

Using NTLM Negotiate allows better use of the NTLM protocol.

> What does it do?

From squid.conf.default:
#       "use_ntlm_negotiate" on|off
#       Enables support for NTLM NEGOTIATE packet exchanges with the helper.
#       The configured ntlm authenticator must be able to handle NTLM
#       NEGOTIATE packet. See the authenticator programs documentation if
#       unsure. ntlm_auth from Samba-3.0.2 or later supports the use of this
#       option.
#       The NEGOTIATE packet is required to support NTLMv2 and a
#       number of other negotiable NTLMSSP options, and also makes it
#       more likely the negotiation is successful. Enabling this parameter
#       will also solve problems encountered when NT domain policies
#       restrict users to access only certain workstations. When this is off,
#       all users must be allowed to log on the proxy servers too, or they'll
#       get "invalid workstation" errors - and access denied - when trying to
#       use Squid's services.
#       Use of ntlm NEGOTIATE is incompatible with challenge reuse, so
#       enabling this parameter will OVERRIDE the max_challenge_reuses and
#       max_challenge_lifetime parameters and set them to 0.
#       auth_param ntlm use_ntlm_negotiate off

For more details see:
http://davenport.sourceforge.net/ntlm.html

Regards

Guido



-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1           10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135  Fax. : +39.011.9781115
Email: guido.serassio@xxxxxxxxxxxxxxxxx
WWW: http://www.acmeconsulting.it/
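
The conditions described in the squid.conf.default excerpt above can be checked mechanically. The following is an added example, not part of the original message and not code from Squid or Samba: a small audit of the `auth_param ntlm` lines in a squid.conf. The sample configuration and the helper path are constructed, and the sketch assumes that a later line replaces an earlier one and that `use_ntlm_negotiate` is off when absent, as in the default line quoted above.

```python
# Constructed sample squid.conf fragment (Squid 2.5-style NTLM settings).
SAMPLE_SQUID_CONF = """\
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 10
auth_param ntlm max_challenge_lifetime 2 minutes
# auth_param ntlm use_ntlm_negotiate on
auth_param ntlm use_ntlm_negotiate off
"""


def ntlm_params(conf_text):
    """Return {parameter: value} for every active 'auth_param ntlm' line."""
    params = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        fields = line.split(None, 3)
        if len(fields) == 4 and fields[:2] == ["auth_param", "ntlm"]:
            # Assumption of this sketch: a later line replaces an earlier one.
            params[fields[2]] = fields[3]
    return params


def audit_ntlm(conf_text):
    """Flag the conditions the squid.conf.default comment describes."""
    p = ntlm_params(conf_text)
    if "program" not in p:
        return ["no NTLM helper configured"]
    findings = []
    # Assumption: treated as off when absent, per the quoted default line.
    negotiate = p.get("use_ntlm_negotiate", "off").lower() == "on"
    if not negotiate:
        findings.append(
            "use_ntlm_negotiate is off: NTLMv2 is not supported, and domain "
            "policies restricting users to certain workstations will cause "
            "'invalid workstation' errors")
    else:
        # NEGOTIATE is incompatible with challenge reuse; both are forced to 0.
        for name in ("max_challenge_reuses", "max_challenge_lifetime"):
            value = p.get(name, "0")
            if value.split()[0] != "0":
                findings.append(
                    f"{name} {value} is overridden to 0 by use_ntlm_negotiate")
    return findings


if __name__ == "__main__":
    for finding in audit_ntlm(SAMPLE_SQUID_CONF):
        print("WARN:", finding)
```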

