You should be using the ntlm_auth helper from Samba, not the squid wb_*
helpers.
Also check permissions on the winbind pipe.
See the squid FAQ and pay attention to the differences between Samba 2.x
and 3.x.
Jerry
- Original Message -
From: Ian Large [EMAIL PROTECTED]
To: [EMAIL
Look at the Samba 3.x sections for the FAQ again. Your using the
squid-provided winbind helpers which are ONLY for later Samba 2.x
versions.
You need to be using the Samba provided ntlm_auth helper for 3.x.
Jerry
- Original Message -
From: Jason Oakley [EMAIL PROTECTED]
To: [EMAIL
Also:
In wbinfo_group.pl, try try placing the line:
chop $groupSID;
with
$groupSID = substr($groupSID,0,index($groupSID, ,0));
This should strip the Domain Group (2) off of what get's passed back to
Samba.
There is a another patch floating around that does this, and may help.
But just for the record
None of the Windows policy changes should be necessary with properly
configured Samba3 w/AD/Kerberos and current squid.
I wouldn't want the impression that Squid requires lowering the security
settings(perceived or real) from the Windows defaults for Squid to take
If the desktops are locked down 100% and are updated regularly then it's
not really necessary IMO, but I generally do it anyway. It's an extra
layer that can help stop things before they get in the network.
Webmail is the biggest real offender. Other routine browsing is rare to
get a hit.
Files aren't fed to the client until they have been downloaded in full and
scanned. Just enough data is trickled to the client to keep the
connection alive until the full file is received at the gateway.
Jerry
- Original Message -
From: Peter van der Does [EMAIL PROTECTED]
To: [EMAIL
The -SQUID- ntlm_auth helper doesn't need samba at all. It is essentially
the first generation ntlm helper and is stand alone. It has known
problems and from the general discussion here I doubt it will see any
further development(but I'm not a squid developer).
The squid wb_* helpers are the
google for pam_pop3
- Original Message -
From: Francesco [EMAIL PROTECTED]
To: Jerry Murdock [EMAIL PROTECTED]; Francesco
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, August 21, 2003 2:04 AM
Subject: [squid-users] R: [squid-users] POP3 authenticator
Hi Jerry, and thank you
There's a POP3 pam module out there. Looked at it once, it shoudl do the
trick paired with Squid's PAM helper.
Jerry
- Original Message -
From: Francesco [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 12:16 PM
Subject: [squid-users] POP3 authenticator
If you really don't care about authentication, one of the NTLM helpers
doesn't check passwords - just accepts whatever the browser feeds it.
Jerry
- Original Message -
From: Eric Ferguson [EMAIL PROTECTED]
To: 'Jerry Murdock' [EMAIL PROTECTED];
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent
Think that's it. not sure if they will NEVER get a prompt, I haven't
played with it.
Jerry
- Original Message -
From: McWhirter,Julia [EMAIL PROTECTED]
To: Jerry Murdock [EMAIL PROTECTED]; Eric Ferguson
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 5:04 AM
Subject
11 matches
Mail list logo