Re: [squid-users] testing ntlm_auth shipped with samba 3

From: Jerry Murdock <[email protected]>
Date: Wed, 5 Nov 2003 10:03:31 -0500

The -SQUID- ntlm_auth helper doesn't need samba at all. It is essentially
the first generation ntlm helper and is "stand alone". It has known
problems and from the general discussion here I doubt it will see any
further development(but I'm not a squid developer).

The squid wb_* helpers are the NTLM helpers for Samba 2.x that depend upon
Samba's winbind daemon. They will not work with Samba3 due to changes in
winbind.

The -SAMBA- ntlm_auth helper is not really a squid helper at all. Squid
was one of the primary driving factors at getting it done (thanks to
Andrew Bartlett) but it's meant to be a general purpose tool available to
any source that may find it useful.

The squid developers want to get out of implementing the internals of NTLM
as much as possible. The Samba helper is generally considered the
"future" of NTLM auth on squid. It puts the internals of NTLM in Samba's
capable hands and keeps squid out of the job of chasing Samba's changes.

Jerry

----- Original Message -----
From: "Lombardo Federico" <egopfe@hotmail.com>
To: <squid-users@squid-cache.org>
Sent: Wednesday, November 05, 2003 9:30 AM
Subject: Re: [squid-users] testing ntlm_auth shipped with samba 3

> Adam, I'm afraid you're wrong.
> ntlm_auth shipped with squid 2.5 latest tarrball work perfectly with
> samba3!!!!!!
>
> :-(
>
> I'm going mad...
>
>
>
> ----- Original Message -----
> From: "Adam Aube" <aaube@firstindependent.net>
> To: <squid-users@squid-cache.org>
> Sent: Wednesday, November 05, 2003 2:53 PM
> Subject: RE: [squid-users] testing ntlm_auth shipped with samba 3
>
>
> > > what are the advantages using ntlm_auth shipped with samba3
> > > instead of the same shipped with squid ?
> >
> > The one shipped with Squid will not work with Samba 3, whereas the one
> > that ships with Samba 3 will. That's a big advantage. :)
> >
> > > Better using it with samba 2.2.8a, wb_group and wb_ntlmauth
> > > works, and there is no other ntlm_auth except from squid one!
> >
> > That is a choice only you can make. However, if you use AD now or plan
> > to use it in the future, I would recommend you use Samba 3 - the
> > integration is much better and lets you take advantage of the improved
> > security of AD over the NT 4 domain model.
> >
> > Note that there is a Perl-based winbind_group helper that works with
> > Samba 3, so you don't have to give up the group support in Squid if
> > you move to Samba 3.
> >
> > Adam
> >
> >
Received on Wed Nov 05 2003 - 08:03:44 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:07 MST