RE: [squid-users] wb_group problems from García García, Alberto on 2002-12-23 (squid-users)

From: García García, Alberto <agarciag@dont-contact.us>
Date: Mon, 23 Dec 2002 11:38:21 +0100

Well, while i´m waiting for more opinions, i´m probing the external
helper wbinfo. I can authenticate any user os all trusted DOMAINS with
wbinfo -a option, but when i use the -n option to traslate the
Username/Group... to UID/GID... it only work in the DOMAIN that i´m logged.

        Example:

        smbpasswd -j DOMAIN1 -r PDC1 -U Administrator

wbinfo -a DOMAIN1\\USER1%Password ------------------> Success
wbinfo -a DOMAIN2\\USER2%Password ------------------> Success

wbinfo -n DOMAIN1\\USER1 ----------------> uid
wbinfo -n DOMAIN2\\USER2 ----------------> Could not lookup name
DOMAIN2\USER2

Thanks.

-----Mensaje original-----
De: "García García, Alberto" [mailto:agarciag@endesa.es]
Enviado el: lunes, 23 de diciembre de 2002 9:57
Para: 'squid-users@squid-cache.org'
Asunto: RE: [squid-users] wb_group problems

I´m tryng the authentiation creating a LOCAL_GROUP (GROUP1)in
WINDOWS2K (DOMAIN1)and including in this group the WINDOWS NT
(DOMAIN2\GROUP1), but doesn´t work.

I´m reading from mailing list and see that WB_GROUP only work with
Global_Groups and not with LOCAL_GROUPS.

It´s posible to authenticate with LOCAL_GROUPS.

Thank´s.

-----Mensaje original-----
De: Henrik Nordstrom [mailto:hno@marasystems.com]
Enviado el: jueves, 19 de diciembre de 2002 22:42
Para: García García, Alberto; 'squid-users@squid-cache.org'
Asunto: Re: [squid-users] wb_group problems

Groups in trusted domains should work if the trust works.

Does "wbinfo -g" find the group in the users domain? If not then the
trust is not set up properly for winbind, winbind is otherwise
confused or the group simply does not exists in the users domain.

It is possible you need to speficy the group by domain to wb_group for
domains connected via trust relations. I do not know. Only have a
single NT server in our lab. wb_group checks group names as returned
by winbind by lookup of the group SID. Hmm.. it may be possible that
wb_group cannot lookup groups outside the primary domain.

Regards
Henrik

On Wednesday 18 December 2002 17.13, García García, Alberto wrote:
> Multidomain work fine for NTLM but when i try the authentication
> with wb_group the users will need an account in this group. Isn´t
> it?
>
> Authentication in PDC/BDC of DOMAIN1
>
> User1-Group1 in DOMAIN1 autthentication is good.
> User1-Group1 in DOMAIN2 bad authentication (user is not in PDC/BDC
> of Domain1)

Este mensaje de correo electrónico y sus documentos adjuntos están dirigidos
EXCLUSIVAMENTE a los destinatarios especificados. La información contenida
puede ser CONFIDENCIAL y/o estar LEGALMENTE PROTEGIDA y no necesariamente
refleja la opinión de ENDESA. Si usted recibe este mensaje por ERROR, por
favor comuníqueselo inmediatamente al remitente y ELIMÍNELO ya que usted
NO ESTA AUTORIZADO al uso, revelación, distribución, impresión o copia de
toda o alguna parte de la información contenida. Gracias.

This e-mail message and any attached files are intended SOLELY for the
addressee/s identified herein. It may contain CONFIDENTIAL and/or LEGALLY
PRIVILEGED information and may not necessarily represent the opinion of
ENDESA. If you receive this message in ERROR, please immediately notify the
sender and DELETE it since you ARE NOT AUTHORIZED to use, disclose,
distribute, print or copy all or part of the contained information. Thank
you.

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:11 MST