RE: [squid-users] My SMB is just plain screwy, another error

From: Chemolli Francesco (USI) <>
Date: Thu, 22 Mar 2001 10:04:52 +0100

> but it is possible to "dirty trick" output the username and
> password from
> the NTLMSSP authenticator into the smb_auth helper? Recoding
> NTLMSSP to only
> pass the user/pass to smb_auth if NTLM auth succeedes...
> 1. ntlm challenge, helpers gets username and passwd and
> validates user,
> 2. NTLMSSP helper passes values on to smb_auth which tests
> the uers ability
> to view a file
> 3. user can view file theire in appropriate group
> 4. smb_auth returns OK response and squid goes on,

It's not possible. smb_auth requires the plaintext password to
connect to the share, and NTLMSSP doesn't have any to provide.

You could maybe hack something to this effect into NTLMSSP, but I
don't think it's a good thing(tm).
Where I work, we use some custom database storing user permissions,
and dump the result of some queries via asp/HTTP to some squid
configuration files for squid to use.
I am sure you can do something similar with NT groups. Just ask
your resident ASP guru.

Received on Thu Mar 22 2001 - 02:03:38 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:47 MST