On Tue, Jul 15, 2003 at 05:11:55PM +0200, Kinkie wrote:
> A problem with squid's winbind-NTLM has been caught: it is
> possible to limit via security policies the workstations an user can log on
> to. Squid doesn't pass to winbind the workstation name (which is passed
> along in the "request" or "phase 1" NTLM dialogue) and thus such configured
> sites will fail their NTLM authentication with an error of "invalid
> workstation".
>
> This message is meant to be for knowledge-sharing only, and food for
> thought towards implementing proper NTLMv2 support.
I will remind you that:
- Clients get to choose their own workstatation-name
- Samba 3.0's ntlm_auth passes this on correctly.
I'm still waiting on the support for getting the negotiate packet, but
this all seems to work farily well anyway...
Andrew Bartlett
Received on Tue Jul 15 2003 - 17:11:12 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:17 MST