Re: [Samba] NTLM auth, better on a DC or on a DM?
- Date: Sat, 08 Sep 2018 12:54:49 +0200
- From: Harry Jede via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] NTLM auth, better on a DC or on a DM?
> Probably is a stupid question, but...
> I need to implement some 'NTLM auth' (in squid and MSCHAPv2/PEAP on
> It is better to install squid/freeradius in the same host of a DC, or
> don't bother at all so they can be installed also on a DM?
This is not a stupid question!
We have sveral squid proxy with ntlm_auth running. Ntlm_auth works only
on a Domain Member Server and not on a PDC, BDC or DC.
If for any reason you MUST run it on a PDC/BDC you must start the winbindd
with an own smb.conf (i.e. winbindd -s /etc/samba/winbind.conf).
So all winbind related settings MUST be done in winbind.conf. Only one
winbind instance CAN run on a server.
I do not know if this is possible on an AD DC. I have never tried it.
To unsubscribe from this list go to the following URL and read the