Re: [squid-users] different NTLM helpers from Mohsin Khan on 2002-12-04 (squid-users)

From: Mohsin Khan <aaghaz00@dont-contact.us>
Date: Tue, 3 Dec 2002 23:15:32 -0800 (PST)

A-o-a

Appending to this question, can squid work
with an AD domain, on windows 2k

--- Henrik Nordstrom <hno@squid-cache.org> wrote:
> Ilia Chipitsine wrote:
>
> > as described in FAQ, winbind helper can be used in
> both Basic and NTLM
> > proxy-auth. it is also stated that Winbind itself
> doesn't operate well
> > with samba. on the other hand, there's another
> helpers which supposed to
> > understand NTLM. SMB, for instance.
>
> Note: winbind is currently the most stable and
> efficient Windows NT
> domain integration you can get for Squid, but the
> setup is probably also
> the most complex..
>
> > 1) are Basic-SMB and NTLM-SMB the "same" helpers
> as there two winbind
> > helpers ? I looked through the code, they seem to
> be different.
>
> No, they are entirely different. Only common factor
> is that both uses
> the (way old) SMB protocol to talk to your NT
> domain.
>
> > 2) is there a way of testing NTLM-SMB helper ?
> > I tried to install it, it doesn't work. At least
> for me. At least with
> > samba.
>
> Testing ntlm helpers is tricky as it requires
> something who can speak
> ntlm to the helper.. not something a human can
> speak. The best test is
> to try to put them into use.
>
> > 3) How much do I depend on winbind when using
> NTLM-SMB ?
>
> Not at all. The ntlm-SMB helper talks direcly to
> some NT servers in your
> network. Samba/winbind is not required at all.
>
> > 4) is anybody using NTLM-SMB helper ??
>
> If they are then they probably should try to use the
> winbind helper
> instead.
>
> The ntlm-SMB helper "ntlm_auth" has some serious
> performance and
> stability issues, partly due to Microsoft
> implementation of SMB in NT
> Server 4/2K/XP.. partly due to the helper doing a
> poor job at
> implementing NTLM. Also the ntlm-SMB helper only
> supports MS LANMAN
> challenge/responses which should not be used in a
> modern network due to
> their low security.
>
> Regards
> Henrik

=====
Regards,
Mohsin Khan
CCNA ( Cisco Certified Network Associate 2.0 )

>>>Happy is the who can smile<<<

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
Received on Wed Dec 04 2002 - 00:15:33 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:50 MST