On Thu, 2006-09-21 at 18:00 +0200, Juan Rodriguez wrote: > On 9/21/06, Juan Rodriguez <[EMAIL PROTECTED]> wrote: > > > > Hello, > > > > I would like to use NTLM authentication on my Apache2 server, and I've > > found > > out this link which works very well for me, > > http://download.samba.org/ftp/unpacked/lorikeet/mod_ntlm_winbind > > > > I'm newbie to samba, and to make this stuff work, I had to execute > > "net join -S <DC> -U <Admin>", because winbindd complained about > > "did we join ?"... (all of this can be found on man winbindd). > > > I've managed to avoid this message using: > "net rpc getsid", but then I get the following error when I try to > authenticate > through mod_auth_winbind: > > (this is the output of winbindd) > ... > process_request: request fn AUTH_CRAP > [11189]: pam auth crap domain: <mydomain> user: <myuser> > is_myname("<mydomain>") returns 0 > secrets_fetch failed! > get_trust_pw: could not fetch trust account password for domain <mydomain> > could not open handle to NETLOGON pipe (error: > NT_STATUS_CANT_ACCESS_DOMAIN_INFO) > ....
You must join. Samba supports no other mode for mod_ntlm_winbindd. It is more secure, as we gain some assurance that the DC is real, and more reliable, as the DC communication is stateless. This is identical to how windows member servers operate. Other hacks often work, then fail (which is why ntlm_auth was created, to allow squid admins to use NTLM without these occasional failures) Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
