Re: [Samba] Re: winbindd + mod_ntlm_winbind, why do we need net join ... ?
On 9/22/06, Andrew Bartlett [EMAIL PROTECTED] wrote: [snipped] You must join. Samba supports no other mode for mod_ntlm_winbindd. It is more secure, as we gain some assurance that the DC is real, and more reliable, as the DC communication is stateless. This is identical to how windows member servers operate. Other hacks often work, then fail (which is why ntlm_auth was created, to allow squid admins to use NTLM without these occasional failures) Ok, I can guess this is the right way of doing this. But I can't ask for the DC Administrator's password to join the domain. Is there an easy way to hack the source code and avoid this limitation ? As far as I can understand, this is a Samba restriction, not a windows one. (correct me if I am wrong). Thank you ver much for you help. -- JFRH -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd + mod_ntlm_winbind, why do we need net join ... ?
Hello, I would like to use NTLM authentication on my Apache2 server, and I've found out this link which works very well for me, http://download.samba.org/ftp/unpacked/lorikeet/mod_ntlm_winbind I'm newbie to samba, and to make this stuff work, I had to execute net join -S DC -U Admin, because winbindd complained about did we join ?... (all of this can be found on man winbindd). I'm wondering why do you have to exec net join. Can't winbindd forward all authentication requests to the domain controller without doing nej join ? Isn't there other options ? I've checked Apache2::AuthenNTLM and this module seems to be able to authenticate NTLM requests without joining the DC. Maybe I am wrong, any explanation about all this would be very useful. I plan to use NTLMv2 and the perl module doesn't do that so that's the reason I would like to work with mod_ntlm_winbind (without net join) I'm looking forward to your replies. Thanks in advance. -- JFRH -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: winbindd + mod_ntlm_winbind, why do we need net join ... ?
On 9/21/06, Juan Rodriguez [EMAIL PROTECTED] wrote: Hello, I would like to use NTLM authentication on my Apache2 server, and I've found out this link which works very well for me, http://download.samba.org/ftp/unpacked/lorikeet/mod_ntlm_winbind I'm newbie to samba, and to make this stuff work, I had to execute net join -S DC -U Admin, because winbindd complained about did we join ?... (all of this can be found on man winbindd). I've managed to avoid this message using: net rpc getsid, but then I get the following error when I try to authenticate through mod_auth_winbind: (this is the output of winbindd) ... process_request: request fn AUTH_CRAP [11189]: pam auth crap domain: mydomain user: myuser is_myname(mydomain) returns 0 secrets_fetch failed! get_trust_pw: could not fetch trust account password for domain mydomain could not open handle to NETLOGON pipe (error: NT_STATUS_CANT_ACCESS_DOMAIN_INFO) -- JFRH -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
