On Tue, 2006-12-12 at 05:29 +0100, Henrik Nordstrom wrote: > > In theory it may be possible to use Samba ntlm_auth without an ADS > setup. Yeah, I had wondered too if ntlm_auth could be used with Samba configured to use either PAM locally, which would use kerberos or if Samba had any direct kerberos support in it (doubtful). Doesn't ntlm_auth with spnego need samba >-4 though? > But I don't know if it will work or how one configures Samba for > such setups. Indeed. Certainly if one has Samba already configured and in use, it would hopefully not be much more, but to install and configure Samba just for squid is a bit much -- I suppose if one really wants SSO though. But my suggestion of using ntlm_auth was not so much in it's binary form but as a source of SPNEGO handling. IIUC, ntlm_auth takes the SPNEGO blob from the client via squid and unpacks it and does the NTLM auth with the MS Goop(tm) doesn't it? b. -- My other computer is your Microsoft Windows server. Brian J. Murrell
Attachment:
signature.asc
Description: This is a digitally signed message part