Karl Karlsson wrote:
Those standards i fully agree with. I got a bit a float there and thought
you meant it in a broader sense as it's going almost everywhere these days
where they use pam to glue every one and everything together. But this
really is off topic from that AD where we started. :)
On Feb 8, 2008 7:58 AM, Lars Noodin <[EMAIL PROTECTED]> wrote:
>expected to emulate a Windows Server 200x domain controller.
>But the interoperability issue goes far deeper than this.
>In the domain control protocols that are used by MS Windows
>XP Professional, the
2008/2/8, Eduardo Alvarenga <[EMAIL PROTECTED]>:
>
> 2008/2/8, Karl Karlsson <[EMAIL PROTECTED]>:
> > 2008/2/8, Eduardo Alvarenga <[EMAIL PROTECTED]>:
> > >
> > > A long time ago a asked the developers to implement nsswitch
> > > compatibility on OpenBSD, for sake of having user automatic
> > > syn
2008/2/8, Karl Karlsson <[EMAIL PROTECTED]>:
> 2008/2/8, Eduardo Alvarenga <[EMAIL PROTECTED]>:
> >
> > A long time ago a asked the developers to implement nsswitch
> > compatibility on OpenBSD, for sake of having user automatic
> > syncronization on AD. The answer was not positive.
> >
> > There i
2008/2/8, Eduardo Alvarenga <[EMAIL PROTECTED]>:
>
> A long time ago a asked the developers to implement nsswitch
> compatibility on OpenBSD, for sake of having user automatic
> syncronization on AD. The answer was not positive.
>
> There is also a patch that implements this hanging around. Got to
A long time ago a asked the developers to implement nsswitch
compatibility on OpenBSD, for sake of having user automatic
syncronization on AD. The answer was not positive.
There is also a patch that implements this hanging around. Got to ask Google :-)
Maybe it's time for OpenBSD to become more c
> I'm not sure I fully understand:
> I was under the impression that NT, up to NT 4, used the PDC/BDC
> model, and W2K and later used AD. While the kernel-panic tutorial does
> seem to address using OpenBSD to handle logins to NT4-compatible
> domains (including logins to such domains from W2K/WXP
2008/2/8, ropers <[EMAIL PROTECTED]>:
>
>
> I'm not sure I fully understand:
> I was under the impression that NT, up to NT 4, used the PDC/BDC
> model, and W2K and later used AD. While the kernel-panic tutorial does
> seem to address using OpenBSD to handle logins to NT4-compatible
> domains (incl
> [EMAIL PROTECTED] wrote:
> >> Brett Lymn wrote:
> >
> >> So, regarding these claims of interoperability, can you put
> >> LDAP+Kerberos+DNS services on an OpenBSD in a network of Windows
> >> clients and removed the need for any other machines running AD?
> >
> > have a look at this:
> > http://w
[EMAIL PROTECTED] wrote:
Brett Lymn wrote:
So, regarding these claims of interoperability, can you put
LDAP+Kerberos+DNS services on an OpenBSD in a network of Windows clients
and removed the need for any other machines running AD?
have a look at this:
http://www.kernel-panic.it/openbsd/pdc/
On Thu, Feb 07, 2008 at 11:26:09AM +0200, Lars Nood?n wrote:
>
> Pose the question again. You are, among other things, unclear.
>
No. Look in the archives if you want it - I know you don't have any
answers apart from some tired rhetoric.
--
Brett Lymn
"Warning:
The information contained in t
On Thu, Feb 07, 2008 at 11:42:38AM -, [EMAIL PROTECTED] wrote:
> > Brett Lymn wrote:
>
I did not.
> > So, regarding these claims of interoperability, can you put
> > LDAP+Kerberos+DNS services on an OpenBSD in a network of Windows clients
> > and removed the need for any other machines runni
> Brett Lymn wrote:
> So, regarding these claims of interoperability, can you put
> LDAP+Kerberos+DNS services on an OpenBSD in a network of Windows clients
> and removed the need for any other machines running AD?
have a look at this:
http://www.kernel-panic.it/openbsd/pdc/
I found it on:
http:
Brett Lymn wrote:
... I have used squid
integrated with Active Directory authentication using purely open
source tools (samba winbindd, MIT kerberos 5, openldap) for _years_.
It works - no ifs no buts, it just goes.
I have not contested that. Anything can be hacked together with enough
skil
On Wed, Feb 06, 2008 at 02:42:02PM +0200, Lars Nood?n wrote:
> Brett Lymn wrote:
>
> >Oddly this non-standard AD seems to interoperate with the Solaris ldap
> >client, an openldap client and with MIT kerberos just fine.
>
> Seems to, or actually does? Or can be be pounded in after agreeing to
>
Lars NoodC)n wrote:
bofh wrote:
http://msdn2.microsoft.com/en-us/library/ms818754.aspx
Read the page topic and search for the word "PAC "
Several links in it appears to confirm that a broken version of
Kerberos is still used:
"The Kerberos Authentication Group Membership
Extensions
On Feb 6, 2008 9:07 AM, Lars Noodin <[EMAIL PROTECTED]> wrote:
> bofh wrote:
>
> > http://msdn2.microsoft.com/en-us/library/ms818754.aspx
> > Read the page topic and search for the word "PAC "
>
> Several links in it appears to confirm that a broken version of Kerberos
> is still used:
>
>
bofh wrote:
http://msdn2.microsoft.com/en-us/library/ms818754.aspx
Read the page topic and search for the word "PAC "
Several links in it appears to confirm that a broken version of Kerberos
is still used:
"The Kerberos Authentication Group Membership
Extensions extend the K
On Feb 6, 2008 7:42 AM, Lars Noodin <[EMAIL PROTECTED]> wrote:
> Brett Lymn wrote:
>
> > Oddly this non-standard AD seems to interoperate with the Solaris ldap
> > client, an openldap client and with MIT kerberos just fine.
>
> Seems to, or actually does? Or can be be pounded in after agreeing to
Brett Lymn wrote:
Oddly this non-standard AD seems to interoperate with the Solaris ldap
client, an openldap client and with MIT kerberos just fine.
Seems to, or actually does? Or can be be pounded in after agreeing to
non-Open licenses?
Point me to some more recent articles or documentati
On Wed, Feb 06, 2008 at 10:09:50AM +0200, Lars Nood?n wrote:
>
> Assuming a positive aspect to that, either you're confused about the
> meaning of word 'based' or unfamiliar with AD.
>
Neither actually but you seem content. Never mind.
> AD is *not* Kerberos nor is it LDAP. AD may well be insp
On Feb 6, 2008 4:45 PM, Lars Noodin <[EMAIL PROTECTED]> wrote:
> You've provided that data point yourself: MS Windows.
Since when is misc@ a Linux-esque anti-MS list?
---
Lars Hansson
On Wed, 6 Feb 2008, Luca Dell'Oca wrote:
http://www.mail-archive.com/misc@openbsd.org/msg30134.html
right now I had not so much time to test it, the modifications to the makefile
worked and squid compiled correctly. One of the interesting part of this
solution is not having to install samba stu
> I am the patch author.
>
> It's working since it's first implementation.
> Maybe it's time for the maintainers to consider committing it.
Is there any reason for not having it committed?
Did you had some reply from the maintainers?
I think it would be useful to have it.
Luca.
On Feb 6, 2008 3:45 AM, Lars Noodin <[EMAIL PROTECTED]> wrote:
> Andre van Zyl wrote:
> > Please show me the proof that my customers are experiencing "a net loss
> of
> > productivity" ...
>
> You've provided that data point yourself: MS Windows.
That's just plain stupid, just like people who us
> Well, it sounds like the OP or his cusomer has a Windows
> network, so how about uh... AD???
Exactly.
I cannot take away AD, I need to read it and authenticate users in squid.
While reading at the discussion going on without a solution, I still have the
problema patching the makefile. I read so
On Feb 6, 2008 3:09 AM, Lars Noodin <[EMAIL PROTECTED]> wrote:
>
> Please. There is enough bs here without intentionally piling it on.
> Assuming a positive aspect to that, either you're confused about the
> meaning of word 'based' or unfamiliar with AD.
>
> AD is *not* Kerberos nor is it LDAP. A
>> Please show me the proof that my customers are experiencing "a net loss
> of
>> productivity"
You left out "because their squid boxes authenticate to AD"
>
> You've provided that data point yourself: MS Windows.
>
Ah, I see, so in other words you don't have a clue?
> Just because people q
Andre van Zyl wrote:
Please show me the proof that my customers are experiencing "a net loss of
productivity" ...
You've provided that data point yourself: MS Windows.
Just because people quickly get used to and comfortable with a lower
level of productivity doesn't mean that it's not a probl
Jonathan Franks wrote:
I think Andre's point, ...
There are at least two perspectives on the problem. One perspective is
always how can the computer be used to avoid having the problem again in
the future.
By incorpo
... Sometimes that's just not an option, and I'm not rich enough to
turn
Brett Lymn wrote:
... They use LDAP+kerberos plus a bit of DNS ...
Please. There is enough bs here without intentionally piling it on.
Assuming a positive aspect to that, either you're confused about the
meaning of word 'based' or unfamiliar with AD.
AD is *not* Kerberos nor is it LDAP. AD m
> Obviously you've had no contact with AD or the cruftware it is infesting.
>
More than enough to call you out on the ignorant, unsubstantiated crap
you're posting.
Please show me the proof that my customers are experiencing "a net loss of
productivity" because their squid boxes authenticate to
On Tue, Feb 05, 2008 at 05:32:48PM +0200, Lars Nood?n wrote:
>
> Obviously you've had no contact with AD or the cruftware it is infesting.
>
Looks like you have not had much either.
> So what standards-based authentication service would you propose besides
> LDAP+Kerberos? Hesiod? Shibboleth
On Feb 5, 2008, at 10:32 AM, Lars Noodin wrote:
[EMAIL PROTECTED] wrote:
[blather]
Obviously you've had no contact with AD or the cruftware it is
infesting.
So what standards-based authentication service would you propose
besides LDAP+Kerberos? Hesiod? Shibboleth?
-Lars
I think Andre's po
[EMAIL PROTECTED] wrote:
[blather]
Obviously you've had no contact with AD or the cruftware it is infesting.
So what standards-based authentication service would you propose besides
LDAP+Kerberos? Hesiod? Shibboleth?
-Lars
> Allowing AD near any part of your infrastructure is the opposite of
> useful and results in a net loss of productivity. No.
>
> LDAP+Kerberos is one tried and true option, but there are others
> nowadays. Don't confuse AD with a useful tool or with an authentication
> service
This has to be
David Gwynne wrote:
pretty sure he would. it's useful.
Running squid against an authentication service is useful. Yes.
Allowing AD near any part of your infrastructure is the opposite of
useful and results in a net loss of productivity. No.
LDAP+Kerberos is one tried and true option, but
Hummm, I wish I had seen this patch earlier. Anyway, when I need
winbind, I just edit squid's Makefile and add winbind configure
args...
As Eduardo said, why not have a winbind flavor for the squid package?
--
An OpenBSD user... and that's all you need to know =)
I am the patch author.
It's working since it's first implementation.
Maybe it's time for the maintainers to consider committing it.
2008/2/4, David Gwynne <[EMAIL PROTECTED]>:
> On 04/02/2008, at 8:13 PM, Lars Noodin wrote:
>
> > Luca Dell'Oca wrote:
> >> I would like to authenticate user and pas
On 04/02/2008, at 8:13 PM, Lars Noodin wrote:
Luca Dell'Oca wrote:
I would like to authenticate user and password of users in an Active
Directory
No. You wouldn't.
pretty sure he would. it's useful.
Luca Dell'Oca wrote:
I would like to authenticate user and password of users in an Active
Directory
No. You wouldn't.
Hi all,
i'm have very little experienced on squid.
I would like to authenticate user and password of users in an Active
Directory based network (windows Server 2003) in order to assign
specific ACL to each of them. I do not nead to read group membership...
I founded on the internet this tutorial:
42 matches
Mail list logo
