Karl Karlsson wrote:
Those standards i fully agree with. I got a bit a float there and thought
you meant it in a broader sense as it's going almost everywhere these days
where they use pam to glue every one and everything together. But this
really is off topic from that AD where we started. :)
[EMAIL PROTECTED] wrote:
Brett Lymn wrote:
So, regarding these claims of interoperability, can you put
LDAP+Kerberos+DNS services on an OpenBSD in a network of Windows clients
and removed the need for any other machines running AD?
have a look at this:
A long time ago a asked the developers to implement nsswitch
compatibility on OpenBSD, for sake of having user automatic
syncronization on AD. The answer was not positive.
There is also a patch that implements this hanging around. Got to ask Google :-)
Maybe it's time for OpenBSD to become more
2008/2/8, Karl Karlsson [EMAIL PROTECTED]:
2008/2/8, Eduardo Alvarenga [EMAIL PROTECTED]:
A long time ago a asked the developers to implement nsswitch
compatibility on OpenBSD, for sake of having user automatic
syncronization on AD. The answer was not positive.
There is also a patch
2008/2/8, Eduardo Alvarenga [EMAIL PROTECTED]:
A long time ago a asked the developers to implement nsswitch
compatibility on OpenBSD, for sake of having user automatic
syncronization on AD. The answer was not positive.
There is also a patch that implements this hanging around. Got to ask
2008/2/8, ropers [EMAIL PROTECTED]:
I'm not sure I fully understand:
I was under the impression that NT, up to NT 4, used the PDC/BDC
model, and W2K and later used AD. While the kernel-panic tutorial does
seem to address using OpenBSD to handle logins to NT4-compatible
domains (including
[EMAIL PROTECTED] wrote:
Brett Lymn wrote:
So, regarding these claims of interoperability, can you put
LDAP+Kerberos+DNS services on an OpenBSD in a network of Windows
clients and removed the need for any other machines running AD?
have a look at this:
On Feb 8, 2008 7:58 AM, Lars Noodin [EMAIL PROTECTED] wrote:
expected to emulate a Windows Server 200x domain controller.
But the interoperability issue goes far deeper than this.
In the domain control protocols that are used by MS Windows
XP Professional, there is
2008/2/8, Eduardo Alvarenga [EMAIL PROTECTED]:
2008/2/8, Karl Karlsson [EMAIL PROTECTED]:
2008/2/8, Eduardo Alvarenga [EMAIL PROTECTED]:
A long time ago a asked the developers to implement nsswitch
compatibility on OpenBSD, for sake of having user automatic
syncronization on AD.
I'm not sure I fully understand:
I was under the impression that NT, up to NT 4, used the PDC/BDC
model, and W2K and later used AD. While the kernel-panic tutorial does
seem to address using OpenBSD to handle logins to NT4-compatible
domains (including logins to such domains from W2K/WXP
Brett Lymn wrote:
... I have used squid
integrated with Active Directory authentication using purely open
source tools (samba winbindd, MIT kerberos 5, openldap) for _years_.
It works - no ifs no buts, it just goes.
I have not contested that. Anything can be hacked together with enough
Brett Lymn wrote:
So, regarding these claims of interoperability, can you put
LDAP+Kerberos+DNS services on an OpenBSD in a network of Windows clients
and removed the need for any other machines running AD?
have a look at this:
http://www.kernel-panic.it/openbsd/pdc/
I found it on:
On Thu, Feb 07, 2008 at 11:42:38AM -, [EMAIL PROTECTED] wrote:
Brett Lymn wrote:
I did not.
So, regarding these claims of interoperability, can you put
LDAP+Kerberos+DNS services on an OpenBSD in a network of Windows clients
and removed the need for any other machines running AD?
On Thu, Feb 07, 2008 at 11:26:09AM +0200, Lars Nood?n wrote:
Pose the question again. You are, among other things, unclear.
No. Look in the archives if you want it - I know you don't have any
answers apart from some tired rhetoric.
--
Brett Lymn
Warning:
The information contained in this
Brett Lymn wrote:
... They use LDAP+kerberos plus a bit of DNS ...
Please. There is enough bs here without intentionally piling it on.
Assuming a positive aspect to that, either you're confused about the
meaning of word 'based' or unfamiliar with AD.
AD is *not* Kerberos nor is it LDAP. AD
Jonathan Franks wrote:
I think Andre's point, ...
There are at least two perspectives on the problem. One perspective is
always how can the computer be used to avoid having the problem again in
the future.
By incorpo
... Sometimes that's just not an option, and I'm not rich enough to
turn
Andre van Zyl wrote:
Please show me the proof that my customers are experiencing a net loss of
productivity ...
You've provided that data point yourself: MS Windows.
Just because people quickly get used to and comfortable with a lower
level of productivity doesn't mean that it's not a
Please show me the proof that my customers are experiencing a net loss
of
productivity
You left out because their squid boxes authenticate to AD
You've provided that data point yourself: MS Windows.
Ah, I see, so in other words you don't have a clue?
Just because people quickly get
On Feb 6, 2008 3:09 AM, Lars Noodin [EMAIL PROTECTED] wrote:
Please. There is enough bs here without intentionally piling it on.
Assuming a positive aspect to that, either you're confused about the
meaning of word 'based' or unfamiliar with AD.
AD is *not* Kerberos nor is it LDAP. AD may
Well, it sounds like the OP or his cusomer has a Windows
network, so how about uh... AD???
Exactly.
I cannot take away AD, I need to read it and authenticate users in squid.
While reading at the discussion going on without a solution, I still have the
problema patching the makefile. I read
On Feb 6, 2008 3:45 AM, Lars Noodin [EMAIL PROTECTED] wrote:
Andre van Zyl wrote:
Please show me the proof that my customers are experiencing a net loss
of
productivity ...
You've provided that data point yourself: MS Windows.
That's just plain stupid, just like people who used to say
I am the patch author.
It's working since it's first implementation.
Maybe it's time for the maintainers to consider committing it.
Is there any reason for not having it committed?
Did you had some reply from the maintainers?
I think it would be useful to have it.
Luca.
On Feb 6, 2008 4:45 PM, Lars Noodin [EMAIL PROTECTED] wrote:
You've provided that data point yourself: MS Windows.
Since when is misc@ a Linux-esque anti-MS list?
---
Lars Hansson
On Wed, 6 Feb 2008, Luca Dell'Oca wrote:
http://www.mail-archive.com/misc@openbsd.org/msg30134.html
right now I had not so much time to test it, the modifications to the makefile
worked and squid compiled correctly. One of the interesting part of this
solution is not having to install samba
On Wed, Feb 06, 2008 at 10:09:50AM +0200, Lars Nood?n wrote:
Assuming a positive aspect to that, either you're confused about the
meaning of word 'based' or unfamiliar with AD.
Neither actually but you seem content. Never mind.
AD is *not* Kerberos nor is it LDAP. AD may well be inspired
Brett Lymn wrote:
Oddly this non-standard AD seems to interoperate with the Solaris ldap
client, an openldap client and with MIT kerberos just fine.
Seems to, or actually does? Or can be be pounded in after agreeing to
non-Open licenses?
Point me to some more recent articles or
On Feb 6, 2008 7:42 AM, Lars Noodin [EMAIL PROTECTED] wrote:
Brett Lymn wrote:
Oddly this non-standard AD seems to interoperate with the Solaris ldap
client, an openldap client and with MIT kerberos just fine.
Seems to, or actually does? Or can be be pounded in after agreeing to
bofh wrote:
http://msdn2.microsoft.com/en-us/library/ms818754.aspx
Read the page topic and search for the word PAC
Several links in it appears to confirm that a broken version of Kerberos
is still used:
The Kerberos Authentication Group Membership
Extensions extend the
On Feb 6, 2008 9:07 AM, Lars Noodin [EMAIL PROTECTED] wrote:
bofh wrote:
http://msdn2.microsoft.com/en-us/library/ms818754.aspx
Read the page topic and search for the word PAC
Several links in it appears to confirm that a broken version of Kerberos
is still used:
The Kerberos
Lars NoodC)n wrote:
bofh wrote:
http://msdn2.microsoft.com/en-us/library/ms818754.aspx
Read the page topic and search for the word PAC
Several links in it appears to confirm that a broken version of
Kerberos is still used:
The Kerberos Authentication Group Membership
Extensions
On Wed, Feb 06, 2008 at 02:42:02PM +0200, Lars Nood?n wrote:
Brett Lymn wrote:
Oddly this non-standard AD seems to interoperate with the Solaris ldap
client, an openldap client and with MIT kerberos just fine.
Seems to, or actually does? Or can be be pounded in after agreeing to
Hummm, I wish I had seen this patch earlier. Anyway, when I need
winbind, I just edit squid's Makefile and add winbind configure
args...
As Eduardo said, why not have a winbind flavor for the squid package?
--
An OpenBSD user... and that's all you need to know =)
David Gwynne wrote:
pretty sure he would. it's useful.
Running squid against an authentication service is useful. Yes.
Allowing AD near any part of your infrastructure is the opposite of
useful and results in a net loss of productivity. No.
LDAP+Kerberos is one tried and true option,
Allowing AD near any part of your infrastructure is the opposite of
useful and results in a net loss of productivity. No.
LDAP+Kerberos is one tried and true option, but there are others
nowadays. Don't confuse AD with a useful tool or with an authentication
service
This has to be one
[EMAIL PROTECTED] wrote:
[blather]
Obviously you've had no contact with AD or the cruftware it is infesting.
So what standards-based authentication service would you propose besides
LDAP+Kerberos? Hesiod? Shibboleth?
-Lars
On Feb 5, 2008, at 10:32 AM, Lars Noodin wrote:
[EMAIL PROTECTED] wrote:
[blather]
Obviously you've had no contact with AD or the cruftware it is
infesting.
So what standards-based authentication service would you propose
besides LDAP+Kerberos? Hesiod? Shibboleth?
-Lars
I think Andre's
On Tue, Feb 05, 2008 at 05:32:48PM +0200, Lars Nood?n wrote:
Obviously you've had no contact with AD or the cruftware it is infesting.
Looks like you have not had much either.
So what standards-based authentication service would you propose besides
LDAP+Kerberos? Hesiod? Shibboleth?
Obviously you've had no contact with AD or the cruftware it is infesting.
More than enough to call you out on the ignorant, unsubstantiated crap
you're posting.
Please show me the proof that my customers are experiencing a net loss of
productivity because their squid boxes authenticate to AD.
Hi all,
i'm have very little experienced on squid.
I would like to authenticate user and password of users in an Active
Directory based network (windows Server 2003) in order to assign
specific ACL to each of them. I do not nead to read group membership...
I founded on the internet this
Luca Dell'Oca wrote:
I would like to authenticate user and password of users in an Active
Directory
No. You wouldn't.
On 04/02/2008, at 8:13 PM, Lars Noodin wrote:
Luca Dell'Oca wrote:
I would like to authenticate user and password of users in an Active
Directory
No. You wouldn't.
pretty sure he would. it's useful.
I am the patch author.
It's working since it's first implementation.
Maybe it's time for the maintainers to consider committing it.
2008/2/4, David Gwynne [EMAIL PROTECTED]:
On 04/02/2008, at 8:13 PM, Lars Noodin wrote:
Luca Dell'Oca wrote:
I would like to authenticate user and password of
42 matches
Mail list logo
