On Fri, Jul 11, 2008 at 10:57:39AM +0800, Dikan Xing wrote:
> Hi, all
>
> My problem is concerning Automatic Integrated Windows Auth (IWA).
>
> I've successfully on my ubuntu
> a) joined a Windows domains (by net join -S),
> b) list domain users (by wbinfo -u),
> c) logined gnome with a domain user (domain\username).
>
> What drives me to do all this is to expect
> 1) my firefox automatically answers ntlm (a.k.a. iwa, integrated windows auth) when
> I visit an Outlook Web Access site. (network.automatic-ntlm-auth.trusted-uris is set to proper value, which works in Windows)
> 2) nautilus automatically login when I visit a share folder inside the domain
> (by addresss starting smb://machine/folder.///)
>
> But neither works.
>
> Firefox prompt for username & password when I visit an Exchange site using IWA.
> nautilus still prompt for password although he auto correctly fills the name & domain field.
>
> Is this a configuration problem of samba?
> or that the implementation of firefox & nautilus take charge and they haven't implemented?

We fixed this in SuSE when I was working for Novell by the
use of helpers in firefox that would invoke the ntlm_auth
code for old IIS servers that only use NTLM instead of
kerberos. Winbindd has to have a credential cache set up
from login in order to create the NTLMSSP blobs for firefox.
Note sure of the state of that code integrated into the
firefox shipped by Ubuntu - I know it's in the openSuSE
one.

Nautilus could use the same code (although I believe that
uses krb5 tickets by preference).

You might want to raise this one with launchpad. I can
help them integrate the same code that was done for
SuSE is they haven't already done it.

The argument to ntlm_auth is ""ntlmssp-client-1"

Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba