====== NTLM аутентификация и авторизация в Microsoft AD ======

===== Файловый сервер samba =====
<code>
gX# cat smb.conf
...
[homes]
   read only = no
</code>

==== FreeBSD ====
<code>
[gX:~] # /usr/local/etc/rc.d/samba stop

[gX:~] # ee /etc/rc.conf
...
winbindd_enable="YES"
nmbd_enable="YES"
smbd_enable="YES"

[gX:~] # /usr/local/etc/rc.d/samba start
</code>

==== Ubuntu ====
<code>
@gX:~# /etc/init.d/samba start
</code>

===== Proxy сервер squid =====

==== FreeBSD ====
<code>
[gX:~] # pkg_add -r squid

[gX:~] # chown root:squid /var/db/samba/winbindd_privileged/

[gX:~] # cat /etc/rc.conf
...
squid_enable=yes

[gX:~] # rehash
[gX:~] # squid -z

[gX:~] # cd /usr/local/etc/squid
</code>

==== Ubuntu ====
<code>
root@gX:~# apt-get install squid

root@gX:~# cd /etc/squid
</code>

==== FreeBSD/Ubuntu ====
<code>
gX# rcsdiff squid.conf
211c211
< #     auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
---
> # for linux uncomment
> # auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> # for freebsd uncomment
> # auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
644a645,647
> acl inetuser proxy_auth REQUIRED
> http_access allow inetuser
> # http_access allow localnet
</code>

==== FreeBSD ====
<code>
[gX:~] # /usr/local/etc/rc.d/squid start
</code>

==== Ubuntu ====
<code>
root@gX:~# /etc/init.d/squid restart
</code>

==== Разрешение доступа в интернет на основании членства в группе ====
<code>
gX# ntlm_auth --username=uX --require-membership-of=ADX\\inet
</code>