Henrik Nordstrom wrote:
>
> Haven't tested yet.. we are using 3.0a18 which seems to work fine as
> far as I can tell..
Thats probably from before I last played games with the interface :-)
> Lets hope we can get the versioning issue finally sorted out with the
> Samba team before Squid-2.6 (in at least 6 months I would guess)..
>
> For Squid-2.5 I guess we will have to speficy which Samba versions are
> known to work with the helpers.
The current stable code uses the interface Squid expects - that's in
Samba 2.2.4 and above. Samba 2.2 is in feature freeze, and I would not
expect any changes to this interface, In particular becouse of it's use
by squid.
> Andrew: Do you think there will be fundamental changes to the winbindd
> API in the next 6 months, or do you think it will be sufficient for
> our purposes to just make use of new headers when there is a revised
> API?
Yes, there will be - I need to create a 'privilaged' pipe for squid to
use, so that we don't give arbitary users access to this resource.
Hoever, this in in Samba 3.0 only - 2.2 will remian as it is, to avoid
breaking Squid.
To get current Samba 3.0 working should only *require* a new header, but
you might also want to fill in the 'workstation' feild, and allow long
challanges - this might be sufficient to get NTLMv2 going (or it might
not...).
That's why I'm so keen to sort out this helper issue. If only I had the
time to implement it...
If sombody on the squid side wants to pick up this project, I'm more
than happy to give a hand.
The specifications are:
- Use Samba's NTLMSSP code. Needs seperation from the surrounding code
in clispnego.c and smbd/sesssetup.c
- Also needs 'ascii' support added. Currently all-unicode.
- Seperate Samba-supplied binary, called ntlm_auth
- Use a Popt interface, so that we can specify --squid-2.5 for the
current squid protocol etc.
- Have a command-line challange-response interface
- takes --username=abartlet --domain=FOO --lm-resp=ASDGADF (hex
encoded, 24 bytes) --nt-resp=AADFAFG1232 (hex encoded >=24 bytes)
- returns NT_STATUS_... on stdout, 0 or 1 to exit code
- Have a similar 'plaintext' inteface (option not to have password on
cmd line)
The idea is that this can be a stable, long-term interface that Samba
can provide, to squid and other projects
Any takers?
> Regards
> Henrik
>
> On Sunday 08 September 2002 02.30, Jerry Murdock wrote:
> > Is anyone running these together successfully?
> >
> > Looks like the api change Andrew has been warning about happened.
> >
> > If so, I will update the FAQ, probably should be in release note as
> > well.
> >
> > Jerry
-- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.netReceived on Sat Sep 07 2002 - 19:30:58 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:16:28 MST