On 15/02/12 15:33, Mr J Potter wrote:
> Hi Amos,
>
> Thanks for your help on this...
>
> I've had to change tack on this in light of what you have said and
> have now got NTLM authentication working.
>
> - any form of http authentication is going to kick up a login box -
> there is no way round this, right?
>
> With , NTLM I am now getting the NTLM login 3 times before it lets me
> in (apparently this is normal)
>
>
> Can you recommend the best/least bad approach to go for here? I;m
> setting up a guest wireless system, and I just want a way to get (non
> domain) devices to get a chance to login to get an internet
> connection, but all the ways I've found have major flaws.
>
>
> - LDAP basic authentication works fine but is insecure
> - LDAP digest requires a new type of password hash to be set up in my
> directory services
> - NTLM requires 3 login attempts
>
> Or do I move away from http authentication entirely?
>
> thanks in advance,
>
> Jim
> UK
>
Jim,
If you are getting login prompts like this (especially 3 times) it's
likely your NTLM auth is not working.
In normal use with NTLM on domain member hosts, you should never see
them, not even when opening the browser for the first time. The browser
should pass through authentication from the logged on Windows session.
I would check the permissions on the winbindd_privileged folder (usually
in /var/run/samba or /var/cache/samba) and make sure your squid user can
write to it. Some distros actually change the permissions on that folder
after winbind has started in the init script.
You might also want to check winbind is working by issuing "wbinfo -u"
and "wbinfo -g" - you should get a list of domain users and groups.
Alex
Received on Wed Feb 15 2012 - 17:41:50 MST
This archive was generated by hypermail 2.2.0 : Thu Feb 16 2012 - 12:00:03 MST