From 941bb9bb6dfd1c2dfd01696b2169e0782158ad6d Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Wed, 28 Nov 2012 12:46:31 +0100 Subject: docs: Rename man ntlm_auth. Rename man ntlm_auth to ntlm_auth4. Karolin Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Nov 28 20:41:48 CET 2012 on sn-devel-104 --- source4/utils/man/ntlm_auth.1.xml | 266 ------------------------------------- source4/utils/man/ntlm_auth4.1.xml | 266 +++++++++++++++++++++++++++++++++++++ source4/utils/wscript_build | 2 +- 3 files changed, 267 insertions(+), 267 deletions(-) delete mode 100644 source4/utils/man/ntlm_auth.1.xml create mode 100644 source4/utils/man/ntlm_auth4.1.xml (limited to 'source4/utils') diff --git a/source4/utils/man/ntlm_auth.1.xml b/source4/utils/man/ntlm_auth.1.xml deleted file mode 100644 index 09a8961a91..0000000000 --- a/source4/utils/man/ntlm_auth.1.xml +++ /dev/null @@ -1,266 +0,0 @@ - - - - - - ntlm_auth - 1 - - - - - ntlm_auth - tool to allow external access to Winbind's NTLM authentication function - - - - - ntlm_auth - -d debuglevel - -l logdir - -s <smb config file> - - - - - DESCRIPTION - - This tool is part of the samba - 7 suite. - - ntlm_auth is a helper utility that authenticates - users using NT/LM authentication. It returns 0 if the users is authenticated - successfully and 1 if access was denied. ntlm_auth uses winbind to access - the user and authentication data for a domain. This utility - is only indended to be used by other programs (currently squid). - - - - - OPERATIONAL REQUIREMENTS - - - The winbindd - 8 daemon must be operational - for many of these commands to function. - - Some of these commands also require access to the directory - winbindd_privileged in - $LOCKDIR. This should be done either by running - this command as root or providing group access - to the winbindd_privileged directory. For - security reasons, this directory should not be world-accessable. - - - - - - OPTIONS - - - - --helper-protocol=PROTO - - Operate as a stdio-based helper. Valid helper protocols are: - - - - squid-2.4-basic - - Server-side helper for use with Squid 2.4's basic (plaintext) - authentication. - - - - squid-2.5-basic - - Server-side helper for use with Squid 2.5's basic (plaintext) - authentication. - - - - squid-2.5-ntlmssp - - Server-side helper for use with Squid 2.5's NTLMSSP - authentication. - Requires access to the directory - winbindd_privileged in - $LOCKDIR. The protocol used is - described here: http://devel.squid-cache.org/ntlm/squid_helper_protocol.html - - - - - ntlmssp-client-1 - - Cleint-side helper for use with arbitary external - programs that may wish to use Samba's NTLMSSP - authentication knowlege. - This helper is a client, and as such may be run by any - user. The protocol used is - effectivly the reverse of the previous protocol. - - - - - - gss-spnego - - Server-side helper that implements GSS-SPNEGO. This - uses a protocol that is almost the same as - squid-2.5-ntlmssp, but has some - subtle differences that are undocumented outside the - source at this stage. - - Requires access to the directory - winbindd_privileged in - $LOCKDIR. - - - - - - gss-spnego-client - - Client-side helper that implements GSS-SPNEGO. This - also uses a protocol similar to the above helpers, but - is currently undocumented. - - - - - - - - - --username=USERNAME - - Specify username of user to authenticate - - - - - - --domain=DOMAIN - - Specify domain of user to authenticate - - - - - --workstation=WORKSTATION - - Specify the workstation the user authenticated from - - - - - --challenge=STRING - NTLM challenge (in HEXADECIMAL) - - - - - --lm-response=RESPONSE - LM Response to the challenge (in HEXADECIMAL) - - - - --nt-response=RESPONSE - NT or NTLMv2 Response to the challenge (in HEXADECIMAL) - - - - --password=PASSWORD - User's plaintext passwordIf - not specified on the command line, this is prompted for when - required. - - - - --request-lm-key - Retreive LM session key - - - - --request-nt-key - Request NT key - - - - --diagnostics - Perform Diagnostics on the authentication - chain. Uses the password from --password - or prompts for one. - - - - - --require-membership-of={SID|Name} - Require that a user be a member of specified - group (either name or SID) for authentication to succeed. - - - - - - - - EXAMPLE SETUP - - To setup ntlm_auth for use by squid 2.5, with both basic and - NTLMSSP authentication, the following - should be placed in the squid.conf file. - -auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp -auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic -auth_param basic children 5 -auth_param basic realm Squid proxy-caching web server -auth_param basic credentialsttl 2 hours - - -This example assumes that ntlm_auth has been installed into your - path, and that the group permissions on - winbindd_privileged are as described above. - - To setup ntlm_auth for use by squid 2.5 with group limitation in addition to the above - example, the following should be added to the squid.conf file. - -auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of='WORKGROUP\Domain Users' -auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of='WORKGROUP\Domain Users' - - - - - - TROUBLESHOOTING - - If you're experiencing problems with authenticating Internet Explorer running - under MS Windows 9X or Millenium Edition against ntlm_auth's NTLMSSP authentication - helper (--helper-protocol=squid-2.5-ntlmssp), then please read - - the Microsoft Knowledge Base article #239869 and follow instructions described there. - - - - - VERSION - - This man page is correct for version 3.0 of the Samba - suite. - - - - AUTHOR - - The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed. - - The ntlm_auth manpage was written by Jelmer Vernooij and - Andrew Bartlett. - - - diff --git a/source4/utils/man/ntlm_auth4.1.xml b/source4/utils/man/ntlm_auth4.1.xml new file mode 100644 index 0000000000..da187d720e --- /dev/null +++ b/source4/utils/man/ntlm_auth4.1.xml @@ -0,0 +1,266 @@ + + + + + + ntlm_auth4 + 1 + + + + + ntlm_auth4 + tool to allow external access to Winbind's NTLM authentication function + + + + + ntlm_auth4 + -d debuglevel + -l logdir + -s <smb config file> + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + ntlm_auth4 is a helper utility that authenticates + users using NT/LM authentication. It returns 0 if the users is authenticated + successfully and 1 if access was denied. ntlm_auth4 uses winbind to access + the user and authentication data for a domain. This utility + is only indended to be used by other programs (currently squid). + + + + + OPERATIONAL REQUIREMENTS + + + The winbindd + 8 daemon must be operational + for many of these commands to function. + + Some of these commands also require access to the directory + winbindd_privileged in + $LOCKDIR. This should be done either by running + this command as root or providing group access + to the winbindd_privileged directory. For + security reasons, this directory should not be world-accessable. + + + + + + OPTIONS + + + + --helper-protocol=PROTO + + Operate as a stdio-based helper. Valid helper protocols are: + + + + squid-2.4-basic + + Server-side helper for use with Squid 2.4's basic (plaintext) + authentication. + + + + squid-2.5-basic + + Server-side helper for use with Squid 2.5's basic (plaintext) + authentication. + + + + squid-2.5-ntlmssp + + Server-side helper for use with Squid 2.5's NTLMSSP + authentication. + Requires access to the directory + winbindd_privileged in + $LOCKDIR. The protocol used is + described here: http://devel.squid-cache.org/ntlm/squid_helper_protocol.html + + + + + ntlmssp-client-1 + + Cleint-side helper for use with arbitary external + programs that may wish to use Samba's NTLMSSP + authentication knowlege. + This helper is a client, and as such may be run by any + user. The protocol used is + effectivly the reverse of the previous protocol. + + + + + + gss-spnego + + Server-side helper that implements GSS-SPNEGO. This + uses a protocol that is almost the same as + squid-2.5-ntlmssp, but has some + subtle differences that are undocumented outside the + source at this stage. + + Requires access to the directory + winbindd_privileged in + $LOCKDIR. + + + + + + gss-spnego-client + + Client-side helper that implements GSS-SPNEGO. This + also uses a protocol similar to the above helpers, but + is currently undocumented. + + + + + + + + + --username=USERNAME + + Specify username of user to authenticate + + + + + + --domain=DOMAIN + + Specify domain of user to authenticate + + + + + --workstation=WORKSTATION + + Specify the workstation the user authenticated from + + + + + --challenge=STRING + NTLM challenge (in HEXADECIMAL) + + + + + --lm-response=RESPONSE + LM Response to the challenge (in HEXADECIMAL) + + + + --nt-response=RESPONSE + NT or NTLMv2 Response to the challenge (in HEXADECIMAL) + + + + --password=PASSWORD + User's plaintext passwordIf + not specified on the command line, this is prompted for when + required. + + + + --request-lm-key + Retreive LM session key + + + + --request-nt-key + Request NT key + + + + --diagnostics + Perform Diagnostics on the authentication + chain. Uses the password from --password + or prompts for one. + + + + + --require-membership-of={SID|Name} + Require that a user be a member of specified + group (either name or SID) for authentication to succeed. + + + + + + + + EXAMPLE SETUP + + To setup ntlm_auth4 for use by squid 2.5, with both basic and + NTLMSSP authentication, the following + should be placed in the squid.conf file. + +auth_param ntlm program ntlm_auth4 --helper-protocol=squid-2.5-ntlmssp +auth_param basic program ntlm_auth4 --helper-protocol=squid-2.5-basic +auth_param basic children 5 +auth_param basic realm Squid proxy-caching web server +auth_param basic credentialsttl 2 hours + + +This example assumes that ntlm_auth4 has been installed into your + path, and that the group permissions on + winbindd_privileged are as described above. + + To setup ntlm_auth4 for use by squid 2.5 with group limitation in addition to the above + example, the following should be added to the squid.conf file. + +auth_param ntlm program ntlm_auth4 --helper-protocol=squid-2.5-ntlmssp --require-membership-of='WORKGROUP\Domain Users' +auth_param basic program ntlm_auth4 --helper-protocol=squid-2.5-basic --require-membership-of='WORKGROUP\Domain Users' + + + + + + TROUBLESHOOTING + + If you're experiencing problems with authenticating Internet Explorer running + under MS Windows 9X or Millenium Edition against ntlm_auth4's NTLMSSP authentication + helper (--helper-protocol=squid-2.5-ntlmssp), then please read + + the Microsoft Knowledge Base article #239869 and follow instructions described there. + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The ntlm_auth4 manpage was written by Jelmer Vernooij and + Andrew Bartlett. + + + diff --git a/source4/utils/wscript_build b/source4/utils/wscript_build index 3b21eda900..a5217b3c61 100644 --- a/source4/utils/wscript_build +++ b/source4/utils/wscript_build @@ -2,7 +2,7 @@ bld.SAMBA_BINARY('ntlm_auth4', source='ntlm_auth.c', - manpages='man/ntlm_auth.1', + manpages='man/ntlm_auth4.1', deps='''samba-hostconfig samba-util popt POPT_SAMBA POPT_CREDENTIALS gensec LIBCLI_RESOLVE auth4 NTLMSSP_COMMON MESSAGING events service''', -- cgit