
NTLM аутентификация и авторизация в Microsoft AD

Файловый сервер samba

gX# cat smb.conf
...
[homes]
   read only = no

FreeBSD

[gX:~] # /usr/local/etc/rc.d/samba stop

[gX:~] # ee /etc/rc.conf
...
winbindd_enable="YES"
nmbd_enable="YES"
smbd_enable="YES"

[gX:~] # /usr/local/etc/rc.d/samba start

Ubuntu

@gX:~# /etc/init.d/samba start

Proxy сервер squid

FreeBSD

[gX:~] # pkg_add -r squid

[gX:~] # chown root:squid /var/db/samba/winbindd_privileged/

[gX:~] # cat /etc/rc.conf
...
squid_enable=yes

[gX:~] # rehash
[gX:~] # squid -z

[gX:~] # cd /usr/local/etc/squid

Ubuntu

root@gX:~# apt-get install squid

root@gX:~# cd /etc/squid

FreeBSD/Ubuntu

gX# rcsdiff squid.conf
211c211
< #     auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
---
> # for linux uncomment
> # auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> # for freebsd uncomment
> # auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
644a645,647
> acl inetuser proxy_auth REQUIRED
> http_access allow inetuser
> # http_access allow localnet
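Review bot: `acl inetuser proxy_auth REQUIRED` in the 644a645,647 hunk needs an active authentication scheme, but the 211c211 hunk leaves both `auth_param ntlm program` lines commented out, so the one matching the platform has to be uncommented before squid is restarted. As written, `http_access allow inetuser` admits every account that authenticates against the domain; the group restriction tested in the last section only takes effect once the `--require-membership-of=` option is appended to that helper line (check how the backslash has to be escaped inside squid.conf). The surrounding `http_access` rules are outside the hunk, so confirm that the new lines sit above the final `http_access deny all` and that no earlier `allow` rule lets unauthenticated clients through. A short comment above the acl, such as `# proxy access only for authenticated AD users`, would record the intent of commenting out `http_access allow localnet`.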

FreeBSD

[gX:~] # /usr/local/etc/rc.d/squid start

Ubuntu

root@gX:~# /etc/init.d/squid restart

Разрешение доступа в интернет на основании членства в группе

gX# ntlm_auth --username=uX --require-membership-of=ADX\\inet