[Samba] winbindd default domain problem

Josselin Dulac (I.U.FM.) josselin.dulac at lyon.iufm.fr
Thu Sep 22 09:56:01 GMT 2005

I got a problem using the Squid-winbind-samba-ldap services.
Squid 2.5, authenticating with Samba 3.1 through winbind.
Problem occurs with internet explorer on Windows XP clients when users
authenticate with Squid using NTLM protocol, with clients that are not
in the domain.
Acces is not allowed until I add the domain information to the user id.
When I look at winbind' logs, I can see that Internet Explorer sent the
local machine name as "domain" without asking me (My machine is called
"TEST", so I have "TEST\username" sent to squid.
I've the "winbind use default domain = yes" directive set (and parsed by
windbind when running), I've also tried to force the ntlm-auth Squid
helper with --domain=MYDOMAIN, but nothing worked.
Despite of that, it works well with firefox when out of the domain (auto
switching to basic auth), and well with both navigators when in a domain
(getting the Windows XP login as authentifier).

Did I forgot something ? All threads I found on the samba lists said
that the "winbind use default domain = yes" directive would be enough...
why isn't it ok for me ?

Note : I'm sorry for my english, I'm french ;)

Josselin Dulac
Technicien au CRI
IUFM de Lyon

More information about the samba mailing list