Web lists-archives.com

Re: [Samba] NTLM auth, better on a DC or on a DM?




Hi Marco,

> Probably is a stupid question, but...
> 
> I need to implement some 'NTLM auth' (in squid and MSCHAPv2/PEAP on
> freeradius).
> 
> It is better to install squid/freeradius in the same host of a DC, or
> don't bother at all so they can be installed also on a DM?
This is not a stupid question!

We have sveral squid proxy with ntlm_auth running. Ntlm_auth works only 
on a Domain Member Server and not on a PDC, BDC or DC.

If for any reason you MUST run it on a PDC/BDC you must start the winbindd 
with an own smb.conf (i.e. winbindd -s /etc/samba/winbind.conf).

So all winbind related settings MUST be done in winbind.conf. Only one 
winbind instance CAN run on a server.

I do not know if this is possible on an AD DC. I have never tried it.


> Thanks.


-- 

Regards
	Harry Jede
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba