Re: [squid-users] winbindd and wb_group

From: Billy Macdonald <whmac33@dont-contact.us>
Date: Tue, 10 Sep 2002 23:32:29 -0700 (PDT)

--- Henrik Nordstrom <hno@squid-cache.org> wrote:
> Billy Macdonald wrote:
>
> > I have basic & ntlm user authentication in squid working but I can't quite
> > figure out how to get winbind_group external acls working.
>
> external_acl_type nt_group %LOGIN /usr/local/squid/libexec/wb_group
> acl group1 external nt_group GroupName1
>
> Any number of NT group names can be listed in the acl if needed, but the
> listed groups may not yet contain spaces.

Do you know if the usernames may contain spaces. Groups I can work around
usernames I'm stuck with, ugh :(

>
> Same technique applies to all of the different group external_acl
> helpers in Squid-2.5.
>
>
> This is also documented in a
> helpers/external_acl/winbind_group/readme.txt file that is supposed to
> be in the release, but from what it looks this is currently only
> available in the developer sources.. This will be fixed in the next
> snapshot release to have this readme.txt file included. If someone could
> convert this to a man page it would be great. Use the manpage of
> unix_group as template, combined with the details in
> winbind_group/readme.txt and send your suggestion to
> squid-dev@squid-cache.org for inclusion.
>
> > I am also unable to get wbinfo -n "DOMAIN\user" to work where domain is a
> > trusted domain. It works fine if DOMAIN is the domain winbindd is joined
> to.
>
> No idea, and I only have a single domain to play with... Best place to
> ask this question would be a Samba mailing list or newsgroup I guess..
>

Turns out I'm just an idiot on this one. The domain controllers for the
trusted domains are in another subnet. Finally lookup up how to debug winbindd
and it jumped right out at me. Added the route and it worked like a charm.

Can't believe I didn't even look at that.

> Regards
> Henrik

Thanks for everything,
Billy

__________________________________________________
Yahoo! - We Remember
9-11: A tribute to the more than 3,000 lives lost
http://dir.remember.yahoo.com/tribute
Received on Wed Sep 11 2002 - 00:32:30 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:12 MST