On Tue, 27 Apr 2004, Johan de Vries wrote: > In the Squid manual is the line: > Squid writes cleartext usernames and passwords when talking to the external > authentication processes > In our AD setup is the use of plaintext passwords not allowed > Still I want Squid to authenticate to the AD domain > How can this be set up ?
You can still use NTLM authentication. See the Squid FAQ section on winbind. > In my opinion I don't need the NTLM stuff when I use the AD system > Is this correct ? NTLM is still needed, and supported by AD (unless you explicitly disabled it). > Questions about the winbindd daemon: > I compiled Samba with: --with-ads --with-acl-support --with-winbind > --with-winbind-auth-challenge > When I start the winbindd and do a: net ads join > then commands like: wbinfo -u will work > Still there are errors in the log like: > SPENGO login failed: Logon failure > Kinit failed: Preauthentication failed This is a Samba question. You will have higher rate of success by asking this question in a suitable Samba forum. I did not see any errors like this when joining an ADS domain in my last tests. Regards Henrik
