NTLM - Samba4 x Squid 3

Andrew Bartlett abartlet at samba.org
Thu Oct 10 19:48:05 MDT 2013 

On Wed, 2013-10-02 at 12:32 -0300, Aecio Alves wrote:
> Em 10/1/13 6:27 PM, Rowland Penny escreveu:
> > On 01/10/13 21:13, Aecio Alves wrote:
> >> Em 10/1/13 5:04 PM, Rowland Penny escreveu:
> >>> On 01/10/13 20:12, Aecio Alves wrote:
> >>>> Good afternoon!
> >>>>
> >>>> Is there an alternative integrated authentication squid with 
> >>>> Samba4, and NTLM?
> >>>>
> >>>> I need to do that authentication is integrated with Windows 
> >>>> authentication, when the user makes a log on the domain.
> >>>>
> >>>> Squid supports this kind of integration with Samba4?
> >>>>
> >>>> I've done it with version 3 of the Samba.
> >>>>
> >>>> What information do you need to help me?
> >>>> Can anyone help me?
> >>>>
> >>>> Thank you.
> >>>>
> >>>> Aécio
> >>> Hi, try doing a websearch on squid and active directory
> >>>
> >>> Rowland
> >>>
> >> Thanks for the quick response.
> >>
> >> I've been a long time looking for ways to do this, but I'm finding it 
> >> very difficult.
> >>
> >> I have done several attempts and I can not navigate through Squid 
> >> logging into Samba4.
> >>
> >> I'm trying with the NTLM method, but not authentication.
> >>
> >> The directory / usr / local / samba / var / lib / winbindd_privileged 
> >> / already has the appropriate permissions.
> >>
> >> Using simple authentication Squid works perfectly and I have no 
> >> problems with the provisioning domain. Could you give me a clue to 
> >> start identifying the problem?
> >>
> > Hi, I already did, your problem is that you are forgetting that Samba4 
> > is an active directory server and hence you need to search for squid 
> > and active directory, such a search will turn up things like this:
> > http://www.howtoforge.com/debian-squeeze-squid-kerberos-ldap-authentication-active-directory-integration-and-cyfin-reporter 
> >
> >
> > Rowland
> Okay Rowland.
> 
> Already consulted including this tutorial, but I use the CentOS.
> 
> Is it okay to run Samba4 and Squid on the same server?

The main issue with running the AD DC on the same server as the squid
server is that you would be using a different winbind implementation
(the one built in to the samba binary).  That may or may not impact on
the facilities squid needs (we are replacing it with the one in winbindd
from source3/). 

We generally also suggest having a separation of concerns between the DC
as the trusted heart of the network, and other services, as a best
network admin practice.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz

More information about the samba-technical mailing list