This is an old revision of the document!
[gate:~] # /usr/local/etc/rc.d/samba stop [gate:~] # cat /etc/rc.conf … nmbd_enable="NO" smbd_enable="NO" winbindd_enable="YES" … [gate:~] # cd /usr/local/etc/
root@gate:~# /etc/init.d/samba stop
root@gate:~# stop nmbd root@gate:~# stop smbd
root@gate:~# apt-get install winbind root@gate:~# cd /etc/samba
gate# cat smb.conf
[global] workgroup = CORPX security = DOMAIN winbind use default domain = Yes
gate# net rpc join -U Administrator Administrators's password: Joined domain ADCORPX
[gate:~] # /usr/local/etc/rc.d/samba start
root@gate:~# /etc/init.d/bind9 restart root@gate:~# /etc/init.d/winbind restart
gate# ntlm_auth --username=user password: NT_STATUS_OK: Success (0x0)
[gate:~] # pkg_add -r squid [gate:~] # chown root:squid /var/db/samba/winbindd_privileged/ [gate:~] # cat /etc/rc.conf ... squid_enable=yes [gate:~] # rehash [gate:~] # squid -z [gate:~] # cd /usr/local/etc/squid
root@gate:~# apt-get install squid root@gate:~# cd /etc/squid
gate# cat squid.conf ... # for linux uncomment # auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp # for freebsd uncomment # auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp ... acl inetuser proxy_auth REQUIRED http_access allow inetuser # http_access allow localnet
[gate:~] # /usr/local/etc/rc.d/squid start
root@gate:~# /etc/init.d/squid restart
gate# ntlm_auth --username=user --require-membership-of=ADCORPX\\inet
[gate:~] # cat /etc/pam.d/sshd ... auth sufficient /usr/local/lib/pam_winbind.so auth required pam_unix.so no_warn try_first_pass
root@gate:~# apt-get install libpam-modules root@gate:~# more /etc/pam.d/sshd ... auth sufficient pam_winbind.so # Standard Un*x authentication. ...