[Samba] NTLM, MSCHAPv2, squid & freeradius...

Wed Jan 10 16:10:28 UTC 2018

Currently (samba 4 NT-like domains) i use extensively NTLM auth in
freeradius and more mildly in squid, respectively with:

Freeradius (mschap module):
  ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=SANVITO --username=%{mschap:User-Name:-None} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

squid3:
  auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=SANVITO --require-membership-of="SANVITO\\domusers"

I'm using debian jessie, with Louis backport packages, eg:
 samba: 2:4.5.12+dfsg-2~bpo8+1
 squid3: 3.4.8-6+deb8u4
 freeradius: 2.2.5+dfsg-0.2+deb8u1

Two question.

a) i have to expect troubles? Eg, something changed between NT and AD
 mode that can breaks all the stuff?

b) there's some better way to integrate an AD domain with
 squid/freeradius?

Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)