[Samba] NTLM auth, better on a DC or on a DM?
gaiseric.vandal at gmail.com
Mon Sep 10 14:05:32 UTC 2018
Would squid and freeradius support LDAP authentication with AD ? I
don't know if you are using NTLM or NTLMv2.
On 09/08/18 06:54, Harry Jede via samba wrote:
> Hi Marco,
>> Probably is a stupid question, but...
>> I need to implement some 'NTLM auth' (in squid and MSCHAPv2/PEAP on
>> It is better to install squid/freeradius in the same host of a DC, or
>> don't bother at all so they can be installed also on a DM?
> This is not a stupid question!
> We have sveral squid proxy with ntlm_auth running. Ntlm_auth works only
> on a Domain Member Server and not on a PDC, BDC or DC.
> If for any reason you MUST run it on a PDC/BDC you must start the winbindd
> with an own smb.conf (i.e. winbindd -s /etc/samba/winbind.conf).
> So all winbind related settings MUST be done in winbind.conf. Only one
> winbind instance CAN run on a server.
> I do not know if this is possible on an AD DC. I have never tried it.
More information about the samba