On Tue, 27 Apr 2004, Johan de Vries wrote:
> In the Squid manual is the line:
> Squid writes cleartext usernames and passwords when talking to the external authentication processes
> In our AD setup is the use of plaintext passwords not allowed
> Still I want Squid to authenticate to the AD domain
> How can this be set up ?
You can still use NTLM authentication. See the Squid FAQ section on
winbind.
> In my opinion I don't need the NTLM stuff when I use the AD system
> Is this correct ?
NTLM is still needed, and supported by AD (unless you explicitly disabled
it).
> Questions about the winbindd daemon:
> I compiled Samba with: --with-ads --with-acl-support --with-winbind --with-winbind-auth-challenge
> When I start the winbindd and do a: net ads join
> then commands like: wbinfo -u will work
> Still there are errors in the log like:
> SPENGO login failed: Logon failure
> Kinit failed: Preauthentication failed
This is a Samba question. You will have higher rate of success by asking
this question in a suitable Samba forum.
I did not see any errors like this when joining an ADS domain in my last
tests.
Regards
Henrik
Received on Tue Apr 27 2004 - 04:28:10 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:02 MDT