From 0381e1741f55a5691275f8df62da9fcc8818db3d Mon Sep 17 00:00:00 2001 From: bubulle Date: Wed, 28 May 2008 03:56:49 +0000 Subject: Load samba-3.2.0rc1 into branches/samba/upstream-3.2. git-svn-id: svn://svn.debian.org/svn/pkg-samba/branches/samba/upstream-3.2@1898 fc4039ab-9d04-0410-8cac-899223bdd6b0 --- docs/htmldocs/manpages/ntlm_auth.1.html | 52 ++++++++++++++++----------------- 1 file changed, 26 insertions(+), 26 deletions(-) (limited to 'docs/htmldocs/manpages/ntlm_auth.1.html') diff --git a/docs/htmldocs/manpages/ntlm_auth.1.html b/docs/htmldocs/manpages/ntlm_auth.1.html index 18c77834ed..4a3fee4dc8 100644 --- a/docs/htmldocs/manpages/ntlm_auth.1.html +++ b/docs/htmldocs/manpages/ntlm_auth.1.html @@ -1,18 +1,18 @@ -ntlm_auth

Name

ntlm_auth — tool to allow external access to Winbind's NTLM authentication function

Synopsis

ntlm_auth [-d debuglevel] [-l logdir] [-s <smb config file>]

DESCRIPTION

This tool is part of the samba(7) suite.

ntlm_auth is a helper utility that authenticates +ntlm_auth

Name

ntlm_auth — tool to allow external access to Winbind's NTLM authentication function

Synopsis

ntlm_auth [-d debuglevel] [-l logdir] [-s <smb config file>]

DESCRIPTION

This tool is part of the samba(7) suite.

ntlm_auth is a helper utility that authenticates users using NT/LM authentication. It returns 0 if the users is authenticated successfully and 1 if access was denied. ntlm_auth uses winbind to access the user and authentication data for a domain. This utility is only indended to be used by other programs (currently - Squid - and mod_ntlm_winbind) -

OPERATIONAL REQUIREMENTS

- The winbindd(8) daemon must be operational + Squid + and mod_ntlm_winbind) +

OPERATIONAL REQUIREMENTS

+ The winbindd(8) daemon must be operational for many of these commands to function.

Some of these commands also require access to the directory winbindd_privileged in $LOCKDIR. This should be done either by running this command as root or providing group access to the winbindd_privileged directory. For - security reasons, this directory should not be world-accessable.

OPTIONS

--helper-protocol=PROTO

+ security reasons, this directory should not be world-accessable.

OPTIONS

--helper-protocol=PROTO

Operate as a stdio-based helper. Valid helper protocols are:

squid-2.4-basic

Server-side helper for use with Squid 2.4's basic (plaintext) @@ -23,7 +23,7 @@ authentication.

Requires access to the directory winbindd_privileged in $LOCKDIR. The protocol used is - described here: http://devel.squid-cache.org/ntlm/squid_helper_protocol.html. + described here: http://devel.squid-cache.org/ntlm/squid_helper_protocol.html. This protocol has been extended to allow the NTLMSSP Negotiate packet to be included as an argument to the YR command. (Thus avoiding @@ -64,33 +64,33 @@ any data (such as usernames/passwords) that may contain malicous user data, such as a newline. They may also need to decode strings from the helper, which likewise may have been base64 encoded.

Username

The username, expected to be in - Samba's unix charset. -

Example 1. 

Username: bob


Example 2. 

Username:: Ym9i


Username

The user's domain, expected to be in - Samba's unix charset. -

Example 3. 

Domain: WORKGROUP


Example 4. 

Domain:: V09SS0dST1VQ


Full-Username

The fully qualified username, expected to be in - Samba's and qualified with the - winbind separator. -

Example 5. 

Full-Username: WORKGROUP\bob


Example 6. 

Full-Username:: V09SS0dST1VQYm9i


LANMAN-Challenge

The 8 byte LANMAN Challenge value, + Samba's unix charset. +

Example 1. 

Username: bob


Example 2. 

Username:: Ym9i


Username

The user's domain, expected to be in + Samba's unix charset. +

Example 3. 

Domain: WORKGROUP


Example 4. 

Domain:: V09SS0dST1VQ


Full-Username

The fully qualified username, expected to be in + Samba's unix charset and qualified with the + winbind separator. +

Example 5. 

Full-Username: WORKGROUP\bob


Example 6. 

Full-Username:: V09SS0dST1VQYm9i


LANMAN-Challenge

The 8 byte LANMAN Challenge value, generated randomly by the server, or (in cases such as MSCHAPv2) generated in some way by both the server and the client. -

Example 7. 

LANMAN-Challege: 0102030405060708


LANMAN-Response

The 24 byte LANMAN Response value, +

Example 7. 

LANMAN-Challege: 0102030405060708


LANMAN-Response

The 24 byte LANMAN Response value, calculated from the user's password and the supplied LANMAN Challenge. Typically, this is provided over the network by a client wishing to authenticate. -

Example 8. 

LANMAN-Response: 0102030405060708090A0B0C0D0E0F101112131415161718


NT-Response

The >= 24 byte NT Response +

Example 8. 

LANMAN-Response: 0102030405060708090A0B0C0D0E0F101112131415161718


NT-Response

The >= 24 byte NT Response calculated from the user's password and the supplied LANMAN Challenge. Typically, this is provided over the network by a client wishing to authenticate. -

Example 9. 

NT-Response: 0102030405060708090A0B0C0D0E0F101112131415161718


Password

The user's password. This would be +

Example 9. 

NT-Response: 0102030405060708090A0B0C0D0E0F101112131415161718


Password

The user's password. This would be provided by a network client, if the helper is being used in a legacy situation that exposes plaintext passwords in this way. -

Example 10. 

Password: samba2


Example 11. 

Password:: c2FtYmEy


Request-User-Session-Key

Apon sucessful authenticaiton, return +

Example 10. 

Password: samba2


Example 11. 

Password:: c2FtYmEy


Request-User-Session-Key

Apon sucessful authenticaiton, return the user session key associated with the login. -

Example 12. 

Request-User-Session-Key: Yes


Request-LanMan-Session-Key

Apon sucessful authenticaiton, return +

Example 12. 

Request-User-Session-Key: Yes


Request-LanMan-Session-Key

Apon sucessful authenticaiton, return the LANMAN session key associated with the login. -

Example 13. 

Request-LanMan-Session-Key: Yes


--username=USERNAME

+

Example 13. 

Request-LanMan-Session-Key: Yes


--username=USERNAME

Specify username of user to authenticate

--domain=DOMAIN

Specify domain of user to authenticate @@ -115,7 +115,7 @@ amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.

Note that specifying this parameter here will -override the parameter +override the log level parameter in the smb.conf file.

-V

Prints the program version number.

-s <configuration file>

The file specified contains the configuration details required by the server. The @@ -128,7 +128,7 @@ compile time.

-l|--log-basename=logdirectory".progname" will be appended (e.g. log.smbclient, log.smbd, etc...). The log file is never removed by the client.

-h|--help

Print a summary of command line options. -

EXAMPLE SETUP

To setup ntlm_auth for use by squid 2.5, with both basic and +

EXAMPLE SETUP

To setup ntlm_auth for use by squid 2.5, with both basic and NTLMSSP authentication, the following should be placed in the squid.conf file. 

@@ -144,13 +144,13 @@ auth_param basic credentialsttl 2 hours
 
 auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of='WORKGROUP\Domain Users'
 auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of='WORKGROUP\Domain Users'
-

TROUBLESHOOTING

If you're experiencing problems with authenticating Internet Explorer running +

TROUBLESHOOTING

If you're experiencing problems with authenticating Internet Explorer running under MS Windows 9X or Millenium Edition against ntlm_auth's NTLMSSP authentication helper (--helper-protocol=squid-2.5-ntlmssp), then please read - + the Microsoft Knowledge Base article #239869 and follow instructions described there. -

VERSION

This man page is correct for version 3.0 of the Samba - suite.

AUTHOR

The original Samba software and related utilities +

VERSION

This man page is correct for version 3 of the Samba + suite.

AUTHOR

The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.

The ntlm_auth manpage was written by Jelmer Vernooij and -- cgit v1.2.3