Re: [squid-users] NTLM - Squid X Samba4

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 02 Oct 2013 13:03:45 +1300

On 2/10/2013 8:11 a.m., Aecio Alves wrote:
> Good afternoon!
>
> Is there an alternative integrated authentication squid with Samba4,
> and NTLM?
>
> I need to do that authentication is integrated with Windows
> authentication, when the user makes a log on the domain.
>
> Squid supports this kind of integration with Samba4?
>
> I've done it with version 3 of the Samba.
>
> What information do you need to help me?
> Can anyone help me?

Possibly the Samba team can. There have been a number of people finding
sudden problems after only upgrading Samba and thus the ntlm_auth helper
that comes from it.

This is all that has been reported or identified about it so far:
> Hi.
>
> Recently I stepped on a bug in ntlm_auth helper from samba4 suite,
> guys in the samba team confirmed the possible bug with string
> formatting and possibly a missing '\0' delimiter at some point and
> requested more info, but in the same time they seem not being in the
> mood of explaining how to use ntlm_auth with two protocols -
> squid-2.5-ntlmssp/ntlmssp-client-1. The only thing I understood - is
> that using these two protocols it's possible to debug the
> authentication sequence, but I lack the documentation. I hope you guys
> could point me at right direction.
>
> Thanks.
> Eugene.

As you may be aware Squid is a community project. So unless someone is
able to spend the time digging deeper this is likely where things will stay.

Not that this will solve the problem of Samba4 NTLM being a bit broken
anyone still using NTLM needs to be aware of and take a good think about
this article:
http://blogs.technet.com/b/authentication/archive/2006/04/07/ntlm-s-time-has-passed.aspx

Amos
Received on Wed Oct 02 2013 - 00:03:54 MDT

This archive was generated by hypermail 2.2.0 : Wed Oct 02 2013 - 12:00:04 MDT