[Samba] NTLMv2, Samba, and Squid
mups.cp
mups.cp at gmail.com
Sat Sep 8 15:35:20 GMT 2007
If you'd like force NTLMv2 authentication these settings in your
smb.conf could help:
ntlm auth = Yes
client NTLMv2 auth = Yes
min protocol = LANMAN2
max protocol = NT1
I also put these:
client lanman auth = No
client plaintext auth = No
use spnego = Yes
client use spnego = Yes
For the client part if you want there are these Microsoft articles for
Windows 95/98/NT that works in XP too, so I think that also works for
Winows Vista:
http://support.microsoft.com/?scid=kb%3Ben-us%3B239869&x=14&y=10
http://support.microsoft.com/?scid=kb%3Ben-us%3B147706&x=15&y=10
Even on XP clients I prefer strictly force NTLMv2.
On 9/7/07, Darren Maskowitz <squitz at gmail.com> wrote:
> Here is the problem: I'm setting up a new squid proxy server with
> authentication via Samba and NTLM because the old one died suddenly.
> The new one is up and running and i have it working; mostly. The
> kicker is the 2 employees testing Vista (myself and my supervisor)
> could not authenticate against the server. I say could because through
> a variety of testing and some lucky reading I found the cause of the
> problem to be that by default Windows Vista uses NTLMv2 only, and when
> I change the setting to LM & NTLM using NTLMv2 for negotiation it all
> works. The old proxy server allowed us ot authenticate using NTLMv2,
> and that is the goal of this question: what am I missing in my
> configuration? Here's a dump of smb.conf taken via a testparm:
>
> [global]
> workgroup = EDMCOMPUTRONIX
> realm = COMPUTRONIX.COM
> server string = CX Canada's SQUID Web Proxy
> security = ADS
> password server = 206.75.5.19
> log file = /var/log/samba/%m.log
> max log size = 500
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> preferred master = No
> domain master = No
> dns proxy = No
> idmap uid = 16777216-33554431
> idmap gid = 16777216-33554431
> winbind separator = +
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
>
> [test]
> path = /testshare
> guest ok = Yes
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list