Search squid archive

Re: Squid, Samba3 and winbind with NTLM authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/26/07, Kinkie <gkinkie@xxxxxxxxx> wrote:
> On 10/26/07, samer khalil <samerk1@xxxxxxxxx> wrote:
> > I am using Squid, Samba3 and winbind with NTLM authentication with a
> > proper configuration for samba, krb5.conf and squid.conf as follows:
> > auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> > auth_param ntlm children 5
> > auth_param ntlm max_challenge_reuses 0
> > auth_param ntlm max_challenge_lifetime 2 minutes
> >
> > The solution works great for computers who are joined to Active
> > Directory domain however i have a couple of questions regarding
> > clients that are NOT joined:
> >
> > 1- a NON-joined client using IE will have to logon using
> > realm/username and passwd. Is there a way to make him authenticate
> > with only his username and passwd ?
> > NB:It works fine with other browsers such as Firefox.
>
> MAYBE the Winbindd default domain can help. YMMV tho. This is an
> intentional design decision by Microsoft.
>
Can you please elaborate more.
Where can you set 'Winbindd default domain'? and what do you mean by YMMV ?
here's my smb.conf:
[global]
    workgroup           = WIN2K
    netbios name        = DEBIAN
    realm               = WIN2K.AUB.EDU.LB
    server string       = Linux Samba Server
    security            = ads
    encrypt passwords   = Yes
    password server     = dc1.win2k.aub.edu.lb
    log file            = /var/log/samba/%m.log
    max log size        = 0
    socket options      = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    preferred master    = False
    local master        = No
    domain master       = False
    dns proxy           = No
#   wins server         = 10.100.0.1
    winbind separator   = /
    winbind enum users  = yes
    winbind enum groups = yes
    winbind use default domain = yes
    idmap uid           = 10000-20000
    idmap gid           = 10000-20000

wbinfo -u  lists all users but without the DOMAIN+user
only users are listed:
root@debian:/var/spool/squid# wbinfo -u | more
ms135
ws16
jm36
cm20
nh55
og02
etc.

thanks for your help,
Samer

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux