On 10/26/07, Kinkie <gkinkie@xxxxxxxxx> wrote:
> On 10/26/07, samer khalil <samerk1@xxxxxxxxx> wrote:
> > I am using Squid, Samba3 and winbind with NTLM authentication with a
> > proper configuration for samba, krb5.conf and squid.conf as follows:
> > auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> > auth_param ntlm children 5
> > auth_param ntlm max_challenge_reuses 0
> > auth_param ntlm max_challenge_lifetime 2 minutes
> >
> > The solution works great for computers who are joined to Active
> > Directory domain however i have a couple of questions regarding
> > clients that are NOT joined:
> >
> > 1- a NON-joined client using IE will have to logon using
> > realm/username and passwd. Is there a way to make him authenticate
> > with only his username and passwd ?
> > NB:It works fine with other browsers such as Firefox.
>
> MAYBE the Winbindd default domain can help. YMMV tho. This is an
> intentional design decision by Microsoft.
>
Can you please elaborate more.
Where can you set 'Winbindd default domain'? and what do you mean by YMMV ?
here's my smb.conf:
[global]
workgroup = WIN2K
netbios name = DEBIAN
realm = WIN2K.AUB.EDU.LB
server string = Linux Samba Server
security = ads
encrypt passwords = Yes
password server = dc1.win2k.aub.edu.lb
log file = /var/log/samba/%m.log
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
preferred master = False
local master = No
domain master = False
dns proxy = No
# wins server = 10.100.0.1
winbind separator = /
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
idmap uid = 10000-20000
idmap gid = 10000-20000
wbinfo -u lists all users but without the DOMAIN+user
only users are listed:
root@debian:/var/spool/squid# wbinfo -u | more
ms135
ws16
jm36
cm20
nh55
og02
etc.
thanks for your help,
Samer
