On Fri, 31 Oct 2003, Lombardo Federico wrote:
> but wbinfo_group is a perl script, I've a lot of users... I'm afraid that
> will slow down authentication process, isn't it ?
Not really. The speed difference is marginal, and in both cases the
results are aggressively cached by Squid.
> wb_group is as far tested to be rock stable and fast, is possible to
> re-implement it to work on samba 3 ?
Not unless the Samba team provides such helper.
> Is in roadmap a ntlm_auth for ADS groups that implement fully NTLMv2
> authentication with group support ?
yes. In fact the Samba-3 helper does so already but there is issues in
Squid preventing it from happening.
group support is independent of NTLMv2.
> I think that ntlm_auth that comes with samba 3 is fast and useful, But I
> must track 1000 users in a ACL regex... this is not a good thing... Also
> because I need to create policies for groups of users.
Use wbinfo_group helper.
> What do you think if I integrate winbind with ADS win2k with PAM, and use
> squid pam authentication for groups ? is possible ?
For ADS you should be using the LDAP helpers for group membership lookups
and basic authentication.
PAM is also possible (for Basic authentication only), but generally only
makes the setup several orders of magnitude more complex, and is only
interesting if you really want the OS to know about all the users.
Regards
Henrik
Received on Fri Oct 31 2003 - 08:26:24 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:46 MST