[Samba] Samba & Squid NTLM Auth

Deyan Stoykov dstoykov at uni-ruse.bg
Wed Apr 13 04:20:47 MDT 2011


Tobias Meier wrote:
> Hi
> 
> I'm using Samba/Winbind(ntlm_auth) to handle NTLM requests from a Squid
> proxy. Everything works fine with local PDC mode and also in domain member
> mode.
> 
> There is only one thing which isn't very nice for end-users. If you try to
> surf over the authenticated proxy with a Windows client which is not member
> of the domain, the browser (problem only occurs with IE) will use hostname
> as domain name for NTLM authentication. So if you just enter username and
> password it will not work. You have to enter the whole domain\username (and
> of course password) combination.
> 
> My question is, are there any methods to tell ntlm_auth or winbind to simply
> ignore domain, sent by client, and always use samba configured domain on the
> proxy host?
> (The "winbind use default domain" directive will only work if there is no
> domain given by the client)
> 
> I'm using Samba 3.5.6 from FreeBSD ports on a fully updated FreeBSD 8.2.

Add this to smb.conf on the squid machine:

map untrusted to domain = yes

Regards,
Deyan

-- 
Deyan Stoykov, dstoykov at uni-ruse.bg
System administrator
Computing and Information Services Center
University of Ruse


More information about the samba mailing list