On 10/26/07, Kinkie <gkinkie@xxxxxxxxx> wrote: > On 10/26/07, samer khalil <samerk1@xxxxxxxxx> wrote: > > I am using Squid, Samba3 and winbind with NTLM authentication with a > > proper configuration for samba, krb5.conf and squid.conf as follows: > > auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp > > auth_param ntlm children 5 > > auth_param ntlm max_challenge_reuses 0 > > auth_param ntlm max_challenge_lifetime 2 minutes > > > > The solution works great for computers who are joined to Active > > Directory domain however i have a couple of questions regarding > > clients that are NOT joined: > > > > 1- a NON-joined client using IE will have to logon using > > realm/username and passwd. Is there a way to make him authenticate > > with only his username and passwd ? > > NB:It works fine with other browsers such as Firefox. > > MAYBE the Winbindd default domain can help. YMMV tho. This is an > intentional design decision by Microsoft. > Can you please elaborate more. Where can you set 'Winbindd default domain'? and what do you mean by YMMV ? here's my smb.conf: [global] workgroup = WIN2K netbios name = DEBIAN realm = WIN2K.AUB.EDU.LB server string = Linux Samba Server security = ads encrypt passwords = Yes password server = dc1.win2k.aub.edu.lb log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = False local master = No domain master = False dns proxy = No # wins server = 10.100.0.1 winbind separator = / winbind enum users = yes winbind enum groups = yes winbind use default domain = yes idmap uid = 10000-20000 idmap gid = 10000-20000 wbinfo -u lists all users but without the DOMAIN+user only users are listed: root@debian:/var/spool/squid# wbinfo -u | more ms135 ws16 jm36 cm20 nh55 og02 etc. thanks for your help, Samer