[Samba] samba4+squid3+ntlm

Eduardo Miranda Hidalgo eduardo at hlg.desoft.cu
Fri Jun 8 12:19:22 UTC 2018 

Hello: 

I have a squid3 with aunteticacion ntlm integrated to samba4 but in workstations with windows 8.1 constantly asked for the username and password and it does not let the user navigate, use debian 8 + samba 4.7.7, no idea because that happens in client with windows 7 works well. 


smb.conf 

workgroup = MYDOMINIO 
security = ads 
netbios name = srv-proxy 
server string = Servidor Proxy de Dominio 
realm =MYDOMINIO.COM 
password server = srv-pdc.midominio.com 

winbind uid = 10000-20000 
winbind gid = 10000-20000 
winbind use default domain = yes 
winbind enum users = yes 
winbind enum groups = yes 

syslog = 0 
#log level = 1 
log level = 3 passdb:5 auth:10 winbind:5 
log file = /var/log/samba/%m.log 
max log size = 50 

squid.conf 

##Autenticacion 
# NTLM 
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=MYDOMINIO 
auth_param ntlm children 20 
auth_param ntlm keep_alive on 
# NTLM basic 
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --domain=MYDOMINIO 
auth_param ntlm children 20 
auth_param basic children 20 
auth_param basic realm Proxy midominio.comu 
auth_param basic credentialsttl 1 hours 
external_acl_type ldap_group children-max=20 %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl 
authenticate_ttl 1 hours 
authenticate_ip_ttl 1 hours 

krb5.conf 

[libdefaults] 
default_realm = MYDOMINIO.COM 
dns_lookup_kdc = no 
dns_lookup_realm = no 
ticket_lifetime = 24h 
default_keytab_name = /etc/squid3/PROXY.keytab 

; for Windows 2003 
; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 
; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 
; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 

; for Windows 2008 with AES 
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 

[realms] 
MYDOMINIO.COM= { 
kdc = srv-pdc.midominio.com 
admin_server = srv-pdc.midominio.com 
default_domain = midominio.com 
} 

[domain_realm] 
. midominio.com = MYDOMINIO.COM 
srv-pdc.midominio.com = MYDOMINIO.COM 

regards 
Eduardo

More information about the samba mailing list