Re: [squid-users] Pb with external acl winbind_group

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 07 Nov 2002 15:58:37 +0100

The winbind_group helper currently expects full login names including
domain.

Regards
Henrik Nordström

tor 2002-11-07 klockan 15.13 skrev BEOI 7308:
> Greetings,
>
> I've been searching for days to solve my pb but couldnt manage to find
> any help
> I've set up squid-2.5.STABLE1, samba-2.2.6 on linux Debian 2.4.19 and
> wish to authenticate
> users via ntlm to give access to the cache if they are part of an NT
> group
>
> samba configure options :
> --with-winbind --with-winbind-auth-challenge
>
> i managed to join the domain via the "smbpasswd -j DOMAIN -r PDC -U
> Administrator" command
> "wbinfo -t" gives me good secret
> "wbinfo -a mydomain+myuser%mypasswd" gives a success in both plaintext
> and challenge/response authentication
>
> squid configure options :
> --enable-auth="ntlm,basic" --enable-basic-auth-helpers="winbind"
> --enable-ntlm-auth-helpers="winbind"
> --enable-external-acl-helpers="winbind_group"
>
> using "/usr/local/squid-2.5/libexec/wb_auth -d" with "mydomain+myuser
> mypasswd" gives me "OK"
> but when i try to check if a user is part of a group with
> "/usr/local/squid-2.5/libexec/wb_group -d" and enter "mydomain+myuser
> group" I always get an "ERR"
> even if myuser is part of the group on the NT box (btw "getent group"
> gives me the full listing of the domain groups)
> i've tried to enter "myuser" without "mydomain+", "mydomain+group"
> instead of "group", group in lowercase and group in uppercase but it
> always ends with an "ERR"
>
> is there anyone here who could help me to solve this problem ?
> thanks in advance
>
> Quentin
>
Received on Thu Nov 07 2002 - 07:57:53 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:12 MST