[Samba] Samba & Squid NTLM Auth

Tobias Meier schlittae at bluewin.ch
Tue Apr 12 07:24:45 MDT 2011


I'm using Samba/Winbind(ntlm_auth) to handle NTLM requests from a Squid
proxy. Everything works fine with local PDC mode and also in domain member

There is only one thing which isn't very nice for end-users. If you try to
surf over the authenticated proxy with a Windows client which is not member
of the domain, the browser (problem only occurs with IE) will use hostname
as domain name for NTLM authentication. So if you just enter username and
password it will not work. You have to enter the whole domain\username (and
of course password) combination.

My question is, are there any methods to tell ntlm_auth or winbind to simply
ignore domain, sent by client, and always use samba configured domain on the
proxy host?
(The "winbind use default domain" directive will only work if there is no
domain given by the client)

I'm using Samba 3.5.6 from FreeBSD ports on a fully updated FreeBSD 8.2.

Tobias Meier

More information about the samba mailing list