Hi. Samba-4.0.7 FreeBSD 10.0-CURRENT
Besides serving files, I'm using Samba to authenticate users in the Windows AD with squid. After having issues with samba 3.6.16 I decided to see if samba4 would fit me better. I was surprised, but I found that Samba 4 is fully functional in my environment and is nearly production-ready. After that I tried to set up squid to use samba for NTLM authentication. I found something that may be a bug, but may also be a misconfiguration of some sort. In short, it doesn't work.

To describe what's not working, I should say that in my configuration squid is authorizing the user in two stages:

- ntlm_auth is authenticating the user
- an external squid helper is authorizing the user's access to a URL using the name supplied by ntlm_auth and the group membership information from the AD.

It turns out that for some reason ntlm_auth authenticates the user just fine, but then it supplies squid with some sort of corrupted username:

squid access log:

1375868558.129 1957 192.168.7.71 TCP_DENIED/403 2338 GET http://www.ru/rus/index.php ZZZZZZZZZZZZZZZZ%a0%92%03\r%08 HI ER_NONE/- text/html

This ZZZZ[...] is actually my username - 'emz', but it looks like it's authenticated by ntlm_auth. Squid also thinks that this username has just been authenticated, and tries to look up its group membership information.

Squid cache log:

support_member.cc(124): pid=12390 :2013/08/07 15:42:38| kerberos_ldap_group: INFO: User ZZZZZZZZZZZZZZZZâ.. . is not member of group@domain Internet Users - Crystal@NULL

Considering that everything is fine when using samba 3.5.x, I suppose the answer is in samba software. Is this some bug or a misconfiguration?

Thanks.
Eugene.
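
Added example, not part of the original post: a small check that scans squid access.log entries in the native format (user name in the 8th field) and flags user names containing control or non-ASCII bytes, like the one in the entry quoted above. The allowed character set and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: account names use only these bytes, optionally written
# as DOMAIN\user or user@realm. Adjust to the local naming policy.
ALLOWED = re.compile(rb"[A-Za-z0-9._$-]+(?:[\\@][A-Za-z0-9._$-]+)?")

def check_user(field):
    """Return None if a logged user field looks sane, else a reason string."""
    if field == "-":                  # request carried no user name
        return None
    raw = unquote_to_bytes(field)     # undo the %xx escaping seen in the log
    if ALLOWED.fullmatch(raw):
        return None
    bad = sorted({b for b in raw if b < 0x20 or b >= 0x7f})
    if bad:
        return "control or non-ASCII bytes: " + " ".join(f"0x{b:02x}" for b in bad)
    return "unexpected characters in account name"

def scan(lines):
    """Return (line_no, client, user_field, reason) for each suspicious entry."""
    findings = []
    for no, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 8:            # not a complete native-format entry
            continue
        reason = check_user(parts[7])
        if reason:
            findings.append((no, parts[2], parts[7], reason))
    return findings

# Constructed sample input; the third entry mirrors the user field
# from the access log line quoted in the post.
SAMPLE = [
    r"1375868000.000 120 192.168.7.71 TCP_MISS/200 5120 GET http://example.org/ emz HIER_DIRECT/203.0.113.10 text/html",
    r"1375868001.000 2 192.168.7.72 TCP_DENIED/407 1800 GET http://example.org/ - HIER_NONE/- text/html",
    r"1375868558.129 1957 192.168.7.71 TCP_DENIED/403 2338 GET http://www.ru/rus/index.php ZZZZZZZZZZZZZZZZ%a0%92%03\r%08 HIER_NONE/- text/html",
]

if __name__ == "__main__":
    for no, client, user, reason in scan(SAMPLE):
        print(f"line {no}: client {client} user field {user!r}: {reason}")
```

Run against a live log, a hit points at the authentication helper handing squid a malformed name rather than at the user's group membership.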
