[Samba] Samba4 and Squid3 with ntlm_auth ... more information
ivanmartinezz at cantv.net
Mon Dec 28 09:42:49 MST 2009
Hello there.
I'm checking this link about Squid with AD authentication:
http://techmiso.com/1934/howto-install-squid-web-proxy-server-with-active-directory-authentication/
But the test doesn't work:
# wbinfo -t
checking the trust secret via RPC calls succeeded
# find / -name ntlm_auth
/usr/local/samba/bin/ntlm_auth
/usr/src/samba-alpha10/source4/bin/ntlm_auth
/usr/lib/squid3/ntlm_auth
# cd /usr/local/samba/bin/
# ./ntlm_auth --helper-protocol=squid-2.5-basic MYDOMAIN+Administrator
password
The shell hangs.
And...
# cd /usr/lib/squid3/
# ./ntlm_auth --helper-protocol=squid-2.5-basic MYDOMAIN+Administrato
password
You MUST specify at least one Domain Controller.
You can use either \ or / as separator between the domain name
and the controller name
./ntlm_auth: invalid option -- '-'
unknown option: -?. Exiting
./ntlm_auth usage:
./ntlm_auth [-b] [-f] [-d] [-l] domain\controller [domain\controller ...]
-b enables load-balancing among controllers
-f enables failover among controllers (DEPRECATED and always active)
-l changes behavior on domain controller failyures to last-ditch.
-d enables debugging statements if DEBUG was defined at build-time.
My Squid access.log shows:
1262018002.154 0 192.168.24.18 TCP_DENIED/407 3035 GET http://www.yahoo.com/ - NONE/- text/html
1262018030.201 1 192.168.24.18 TCP_DENIED/407 3165 GET http://www.yahoo.com/ administrato at mydomain.lan NONE/- text/html
1262018036.751 0 192.168.24.18 TCP_DENIED/407 3153 GET http://www.yahoo.com/ administrator NONE/- text/html
1262018046.058 0 192.168.24.18 TCP_DENIED/407 3161 GET http://www.yahoo.com/ administrator at mydomain NONE/- text/html
1262018046.954 0 192.168.24.18 TCP_DENIED/407 3213 GET http://www.yahoo.com/ - NONE/- text/html
1262018047.433 0 192.168.24.18 TCP_DENIED/407 3213 GET http://www.yahoo.com/ - NONE/- text/html
1262018047.907 0 192.168.24.18 TCP_DENIED/407 3213 GET http://www.yahoo.com/ - NONE/- text/html
1262018048.353 0 192.168.24.18 TCP_DENIED/407 3213 GET http://www.yahoo.com/ - NONE/- text/html
1262018048.810 0 192.168.24.18 TCP_DENIED/407 3213 GET http://www.yahoo.com/ - NONE/- text/html
1262018049.970 0 192.168.24.18 TCP_DENIED/407 3217 GET http://www.yahoo.com/ xxx NONE/- text/html
1262018051.810 0 192.168.24.18 TCP_DENIED/407 3219 GET http://www.yahoo.com/ kjhjkhd NONE/- text/html
# ./testparm
Loaded smb config files from /usr/local/samba/etc/smb.conf
lp_load: refreshing parameters from /usr/local/samba/etc/smb.conf
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[compartido]"
Loaded services file OK.
Press enter to see a dump of your service definitions
# Global parameters
[global]
server role = domain controller
workgroup = MYDOMAIN
netbios name = PANTRO
prefork children:smb = 4
registry:hkey_users = hku.ldb
registry:hkey_local_machine = hklm.ldb
auth methods:standalone = anonymous sam_ignoredomain
auth methods:member server = anonymous sam winbind
auth methods:domain controller = anonymous sam_ignoredomain
comment =
path =
ntvfs handler = unixuid, default
read only = Yes
create mask = 0744
force create mode = 00
directory mask = 0755
force directory mode = 00
hosts allow =
hosts deny =
max connections = -1
strict sync = No
case insensitive filesystem = No
max print jobs = 1000
printable = No
printer name =
map system = No
map hidden = No
map archive = Yes
browseable = Yes
csc policy = manual
strict locking = Yes
oplocks = Yes
copy =
include =
available = Yes
volume =
fstype = NTFS
msdfs root = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/mydomain.lan/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[compartido]
path = /home/compartido
read only = No
[IPC$]
comment = IPC Service (Samba 4.0.0alpha10)
path = /tmp
ntvfs handler = default
browseable = No
fstype = IPC
[ADMIN$]
comment = DISK Service (Samba 4.0.0alpha10)
path = /tmp
browseable = No
fstype = DISK
Thanks a lot!!!