[Samba] NTLM auth, better on a DC or on a DM?

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Sep 10 14:05:32 UTC 2018


Would squid and freeradius support LDAP authentication with AD? I
don't know if you are using NTLM or NTLMv2.


On 09/08/18 06:54, Harry Jede via samba wrote:
> Hi Marco,
>
>> Probably is a stupid question, but...
>>
>> I need to implement some 'NTLM auth' (in squid and MSCHAPv2/PEAP on
>> freeradius).
>>
>> It is better to install squid/freeradius in the same host of a DC, or
>> don't bother at all so they can be installed also on a DM?
> This is not a stupid question!
>
> We have several squid proxies with ntlm_auth running. Ntlm_auth works only
> on a Domain Member Server and not on a PDC, BDC or DC.
>
> If for any reason you MUST run it on a PDC/BDC you must start the winbindd
> with its own smb.conf (i.e. winbindd -s /etc/samba/winbind.conf).
>
> So all winbind related settings MUST be done in winbind.conf. Only one
> winbind instance CAN run on a server.
>
> I do not know if this is possible on an AD DC. I have never tried it.
>
>
>> Thanks.
>



