NTLM аутентификация и авторизация в Microsoft AD
Файловый сервер samba
gX# cat smb.conf
...
[homes]
read only = no
FreeBSD
[gX:~] # /usr/local/etc/rc.d/samba stop
[gX:~] # ee /etc/rc.conf
...
winbindd_enable="YES"
nmbd_enable="YES"
smbd_enable="YES"
[gX:~] # /usr/local/etc/rc.d/samba start
Ubuntu
root@gX:~# /etc/init.d/samba start
Proxy сервер squid
FreeBSD
[gX:~] # pkg_add -r squid
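[gX:~] # chown root:squid /var/db/samba/winbindd_privileged/
(группа squid получает доступ к привилегированному сокету winbindd, через который ntlm_auth проверяет NTLM-ответы; права каталога должны оставаться 750, без доступа для остальных пользователей)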
[gX:~] # cat /etc/rc.conf
...
squid_enable=yes
[gX:~] # rehash
[gX:~] # squid -z
[gX:~] # cd /usr/local/etc/squid
Ubuntu
root@gX:~# apt-get install squid
root@gX:~# cd /etc/squid
FreeBSD/Ubuntu
gX# rcsdiff squid.conf
211c211
< # auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
---
> # for linux uncomment
> # auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> # for freebsd uncomment
> # auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
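Review bot: Both `auth_param ntlm program` lines in this hunk are still commented out, so applying the diff literally leaves no NTLM helper configured, and the `proxy_auth` ACL added in the next hunk depends on one. Exactly one of the two lines (the path matching the platform) has to be uncommented. The helper line is also where a group restriction takes effect inside the proxy: the `--require-membership-of` option that the page later passes to `ntlm_auth` by hand only tests membership when run from the shell, and it limits proxy access only if it is appended to the active helper line. I would replace the two instructional comments with one along the lines of `# uncomment exactly one helper line; append --require-membership-of=<DOMAIN>\<group> to restrict access by AD group` (placeholder values; the escaping in squid.conf may differ from the shell form).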
644a645,647
> acl inetuser proxy_auth REQUIRED
> http_access allow inetuser
> # http_access allow localnet
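Review bot: `http_access allow inetuser` restricts access only if no other rule admits unauthenticated clients, and this hunk adds `# http_access allow localnet` as a new commented line rather than disabling an existing one. If an active `http_access allow localnet` is present elsewhere in the file (not visible here), LAN clients would still get through without authenticating, because Squid applies the first matching `http_access` rule. The added lines should sit above `http_access deny all`, and any remaining `allow localnet` should be commented out or removed. A comment above the ACL such as `# authenticated AD users only; keep above 'http_access deny all'` would make the intent explicit.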
FreeBSD
[gX:~] # /usr/local/etc/rc.d/squid start
Ubuntu
root@gX:~# /etc/init.d/squid restart
Разрешение доступа в интернет на основании членства в группе
gX# ntlm_auth --username=uX --require-membership-of=ADX\\inet