Ignore:
Timestamp:
May 12, 2014, 8:58:38 PM (12 years ago)
Author:
Silvan Scherrer
Message:

Samba 3.6: updated vendor to latest version

File:
1 edited

Legend:

Unmodified
Added
Removed

  • vendor/current/docs/manpages/ntlm_auth.1

    r746 r860  
    22.\"     Title: ntlm_auth
    33.\"    Author: [see the "AUTHOR" section]
    4 .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
    5 .\"      Date: 10/29/2012
     4.\" Generator: DocBook XSL Stylesheets v1.7 <http://docbook.sf.net/>
     5.\"      Date:
    66.\"    Manual: User Commands
    77.\"    Source: Samba 3.6
    88.\"  Language: English
    99.\"
    10 .TH "NTLM_AUTH" "1" "10/29/2012" "Samba 3\&.6" "User Commands"
     10.TH "NTLM_AUTH" "1" "09/18/2013" "Samba 3\&.6" "User Commands"
     11.\" -----------------------------------------------------------------
     12.\" * Define some portability stuff
     13.\" -----------------------------------------------------------------
     14.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     15.\" http://bugs.debian.org/507673
     16.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
     17.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     18.ie \n(.g .ds Aq \(aq
     19.el       .ds Aq '
    1120.\" -----------------------------------------------------------------
    1221.\" * set default formatting
     
    2029.\" -----------------------------------------------------------------
    2130.SH "NAME"
    22 ntlm_auth \- tool to allow external access to Winbind\'s NTLM authentication function
     31ntlm_auth \- tool to allow external access to Winbind\s NTLM authentication function
    2332.SH "SYNOPSIS"
    2433.HP \w'\ 'u
     
    5564squid\-2\&.4\-basic
    5665.RS 4
    57 Server\-side helper for use with Squid 2\&.4\'s basic (plaintext) authentication\&.
     66Server\-side helper for use with Squid 2\&.4\s basic (plaintext) authentication\&.
    5867.RE
    5968.PP
    6069squid\-2\&.5\-basic
    6170.RS 4
    62 Server\-side helper for use with Squid 2\&.5\'s basic (plaintext) authentication\&.
     71Server\-side helper for use with Squid 2\&.5\s basic (plaintext) authentication\&.
    6372.RE
    6473.PP
    6574squid\-2\&.5\-ntlmssp
    6675.RS 4
    67 Server\-side helper for use with Squid 2\&.5\'s NTLMSSP authentication\&.
     76Server\-side helper for use with Squid 2\&.5\s NTLMSSP authentication\&.
    6877.sp
    6978Requires access to the directory
     
    7887ntlmssp\-client\-1
    7988.RS 4
    80 Client\-side helper for use with arbitrary external programs that may wish to use Samba\'s NTLMSSP authentication knowledge\&.
     89Client\-side helper for use with arbitrary external programs that may wish to use Samba\s NTLMSSP authentication knowledge\&.
    8190.sp
    8291This helper is a client, and as such may be run by any user\&. The protocol used is effectively the reverse of the previous protocol\&. A
     
    103112ntlm\-server\-1
    104113.RS 4
    105 Server\-side helper protocol, intended for use by a RADIUS server or the \'winbind\' plugin for pppd, for the provision of MSCHAP and MSCHAPv2 authentication\&.
     114Server\-side helper protocol, intended for use by a RADIUS server or the \ plugin for pppd, for the provision of MSCHAP and MSCHAPv2 authentication\&.
    106115.sp
    107116This protocol consists of lines in the form:
     
    116125Username
    117126.RS 4
    118 The username, expected to be in Samba\'s
     127The username, expected to be in Samba\s
    119128\m[blue]\fBunix charset\fR\m[]\&.
    120 .PP \fBExample\ \&1.\ \&\fR Username: bob
    121 .PP \fBExample\ \&2.\ \&\fR Username:: Ym9i
     129.PP
     130Examples:
     131.RS 4
     132Username: bob
     133.sp
     134Username:: Ym9i
     135.RE
    122136.RE
    123137.PP
    124138NT\-Domain
    125139.RS 4
    126 The user\'s domain, expected to be in Samba\'s
     140The user\s
    127141\m[blue]\fBunix charset\fR\m[]\&.
    128 .PP \fBExample\ \&3.\ \&\fR NT\-Domain: WORKGROUP
    129 .PP \fBExample\ \&4.\ \&\fR NT\-Domain:: V09SS0dST1VQ
     142.PP
     143Examples:
     144.RS 4
     145NT\-Domain: WORKGROUP
     146.sp
     147NT\-Domain:: V09SS0dST1VQ
     148.RE
    130149.RE
    131150.PP
    132151Full\-Username
    133152.RS 4
    134 The fully qualified username, expected to be in Samba\'s
     153The fully qualified username, expected to be in Samba\s
    135154\m[blue]\fBunix charset\fR\m[]
    136155and qualified with the
    137156\m[blue]\fBwinbind separator\fR\m[]\&.
    138 .PP \fBExample\ \&5.\ \&\fR Full\-Username: WORKGROUP\ebob
    139 .PP \fBExample\ \&6.\ \&\fR Full\-Username:: V09SS0dST1VQYm9i
     157.PP
     158Examples:
     159.RS 4
     160Full\-Username: WORKGROUP\ebob
     161.sp
     162Full\-Username:: V09SS0dST1VQYm9i
     163.RE
    140164.RE
    141165.PP
     
    145169LANMAN Challenge
    146170value, generated randomly by the server, or (in cases such as MSCHAPv2) generated in some way by both the server and the client\&.
    147 .PP \fBExample\ \&7.\ \&\fR LANMAN\-Challenge: 0102030405060708
     171.PP
     172Examples:
     173.RS 4
     174LANMAN\-Challenge: 0102030405060708
     175.RE
    148176.RE
    149177.PP
     
    152180The 24 byte
    153181LANMAN Response
    154 value, calculated from the user\'s password and the supplied
     182value, calculated from the user\s password and the supplied
    155183LANMAN Challenge\&. Typically, this is provided over the network by a client wishing to authenticate\&.
    156 .PP \fBExample\ \&8.\ \&\fR LANMAN\-Response: 0102030405060708090A0B0C0D0E0F101112131415161718
     184.PP
     185Examples:
     186.RS 4
     187LANMAN\-Response: 0102030405060708090A0B0C0D0E0F101112131415161718
     188.RE
    157189.RE
    158190.PP
     
    161193The >= 24 byte
    162194NT Response
    163 calculated from the user\'s password and the supplied
     195calculated from the user\s password and the supplied
    164196LANMAN Challenge\&. Typically, this is provided over the network by a client wishing to authenticate\&.
    165 .PP \fBExample\ \&9.\ \&\fR NT\-Response: 0102030405060708090A0B0C0D0E0F101112131415161718
     197.PP
     198Examples:
     199.RS 4
     200NT\-Response: 0102030405060708090A0B0C0D0E0F10111213141516171
     201.RE
    166202.RE
    167203.PP
    168204Password
    169205.RS 4
    170 The user\'s password\&. This would be provided by a network client, if the helper is being used in a legacy situation that exposes plaintext passwords in this way\&.
    171 .PP \fBExample\ \&10.\ \&\fR Password: samba2
    172 .PP \fBExample\ \&11.\ \&\fR Password:: c2FtYmEy
     206The user\*(Aqs password\&. This would be provided by a network client, if the helper is being used in a legacy situation that exposes plaintext passwords in this way\&.
     207.PP
     208Examples:
     209.RS 4
     210Password: samba2
     211.sp
     212Password:: c2FtYmEy
     213.RE
    173214.RE
    174215.PP
     
    176217.RS 4
    177218Upon successful authenticaiton, return the user session key associated with the login\&.
    178 .PP \fBExample\ \&12.\ \&\fR Request\-User\-Session\-Key: Yes
     219.PP
     220Examples:
     221.RS 4
     222Request\-User\-Session\-Key: Yes
     223.RE
    179224.RE
    180225.PP
     
    182227.RS 4
    183228Upon successful authenticaiton, return the LANMAN session key associated with the login\&.
    184 .PP \fBExample\ \&13.\ \&\fR Request\-LanMan\-Session\-Key: Yes
    185 .RE
     229.PP
     230Examples:
     231.RS 4
     232Request\-LanMan\-Session\-Key: Yes
     233.RE
     234.RE
     235.RE
     236.sp
    186237.if n \{\
    187238.sp
     
    196247.ps -1
    197248.br
    198 Implementers should take care to base64 encode
    199                 any data (such as usernames/passwords) that may contain malicous user data, such as
    200                 a newline\&.  They may also need to decode strings from
    201                 the helper, which likewise may have been base64 encoded\&..sp .5v
    202 .RE
     249Implementers should take care to base64 encode any data (such as usernames/passwords) that may contain malicous user data, such as a newline\&. They may also need to decode strings from the helper, which likewise may have been base64 encoded\&.
     250.sp .5v
    203251.RE
    204252.RE
     
    236284\-\-password=PASSWORD
    237285.RS 4
    238 User\'s plaintext password
     286User\s plaintext password
    239287.sp
    240288If not specified on the command line, this is prompted for when required\&.
     
    275323.sp
    276324Note that specifying this parameter here will override the
    277 \m[blue]\fB\%smb.conf.5.html#\fR\m[]
     325\m[blue]\fB\fR\m[]
    278326parameter in the
    279327smb\&.conf
     
    350398.\}
    351399.nf
    352 auth_param ntlm program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-ntlmssp \-\-require\-membership\-of=\'WORKGROUP\eDomain Users\'
    353 auth_param basic program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-basic \-\-require\-membership\-of=\'WORKGROUP\eDomain Users\'
     400auth_param ntlm program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-ntlmssp \-\-require\-membership\-of=\
     401auth_param basic program ntlm_auth \-\-helper\-protocol=squid\-2\&.5\-basic \-\-require\-membership\-of=\
    354402.fi
    355403.if n \{\
     
    358406.SH "TROUBLESHOOTING"
    359407.PP
    360 If you\'re experiencing problems with authenticating Internet Explorer running under MS Windows 9X or Millennium Edition against ntlm_auth\'s NTLMSSP authentication helper (\-\-helper\-protocol=squid\-2\&.5\-ntlmssp), then please read
     408If you\s NTLMSSP authentication helper (\-\-helper\-protocol=squid\-2\&.5\-ntlmssp), then please read
    361409the Microsoft Knowledge Base article #239869 and follow instructions described there\&.
    362410.SH "VERSION"
Note: See TracChangeset for help on using the changeset viewer.