Joop, My smb.conf is as follows (constructed based on some walkthroughs available on Internet): [global] workgroup = DOMAIN server string = Linux Samba Server netbios name = ntproxy realm = DOMAIN.COM security = ADS encrypt passwords = Yes password server = 10.1.0.207, 10.1.0.203 preferred master = False local master = No domain master = False dns proxy = No wins server = 10.1.0.207 winbind separator = / winbind enum users = yes winbind enum groups = yes winbind use default domain = yes idmap uid = 10000-20000 idmap gid = 10000-20000 log file = /var/log/samba/log.%m max log size = 50 load printers = yes cups options = raw [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes I notice that when I attempt "kinit [username]@[domain]" an interesting thing happens. If is set it as username@DOMAIN it returns no errors... But if I use username@domain (lowercase) I receive an error that "Cannot find KDC for requested realm while getting initial credentials". Could this be part of the problem? The other kinit commands return success. I could not get the ntlm_auth command to work, as written... Still trying to figure out exactly what should be changed. Any recommendations? Thanks for the help. Shane -----Original Message----- From: J Beris [mailto:J.Beris@xxxxxxxxxxxxx] Sent: Thursday, March 13, 2008 3:21 AM To: Leach, Shane - MIS Laptop Cc: squid-users@xxxxxxxxxxxxxxx Subject: RE: Squid/Samba authenication with wrong username > It occurs to me that the actual user that is logged into XP is > "DOMAIN\USERNAME" rather than the other... is there a way to have Samba > recognize this? I am wanting to get rid of the login required. Hi Shane, We have this setup running here, and it runs fine 99.9% of the time. The only time when we have issues is when a user has recently changed his/her password and this hasn't been synched to the proxy yet. This resolves itself quickly enough, so not really a problem. It seems to me that you have not set up Samba properly for authentication. I have the following set up in /etc/smb.conf: [global] workgroup = [OURDOMAIN] netbios name = [NETBIOS NAME OF OUR SERVER] server string = openSUSE 10.2 proxy server security = ads <--- tells Samba you are using Active Directory to authenticate against encrypt passwords = yes password server = [COMMA SEPARATED LIST OF OUR DOMAIN CONTROLLERS] log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # The settings below ensure Samba doesn't # become the master browser for this domain # Samba tends to be faster than our DC's preferred master = False local master = no domain master = False winbind separator = / winbind enum users = yes winbind enum groups = yes winbind use default domain = yes idmap uid = 10000-20000 idmap gid = 10000-20000 Also, take a look at your Kerberos configuration, to see if you have set that up properly and if the proxy machine has been added to the domain properly. Check the output of the following commands: # kinit [username]@[domain] (without the brackets) This should prompt you for the password for the specified user After this, try the following: # klist -e This will show any cached Kerberos tickets on your server # net ads testjoin This will test if your join to the domain is valid # wbinfo -t Checks the machine trust account # wbinfo -u List domain users If any of these commands give you errors, verify your configuration. Last, but not least, test if you can authenticate with ntlm_auth: # /path/to/ntlm_auth --username=[user] This should give you a password prompt. Hope that helps! Regards, Joop ------------------------------------------------------------ Dit bericht is gescand op virussen en andere gevaarlijke inhoud door MailScanner en lijkt schoon te zijn. Mailscanner door http://www.prosolit.nl Professional Solutions fot IT
