> > Hmm, strange, I'm running STABLE5 with Icap and watching the
> > X-Authenticated-User header (after Base64 decoding it).
> >
> > If I use Basic auth, log in as <domain>\<username> then I am
returned
> > the full domain and username (as I typed them).
>
> Correct.
>
> > But, if I use NTLM, logged on to the domain from my pc, then I am
> > returned just the username (in uppercase).
> >
> > Could this be related to my smb.conf configuration?
> >
> > I am using the Samba 3 authentication helpers.
>
> Maybe, or quite likely actually. It is the helper who returns the
username
> to Squid.
Should the samba helper (run with the
--helper-protocol=squid-2.5-ntlmssp argument) not correspond to the
following protocol?
http://devel.squid-cache.org/ntlm/squid_helper_protocol.html
If so, then it is not as it doesn't always return the username in the
domain\user form.
I could force it in ntlm_auth.c for my own use but is it actually a
samba bug that should be fixed?
I know this is venturing into samba code but it is squid related. Would
I be correct in replacing the line
x_fprintf(x_stdout, "AF %s\n", (char *)ntlmssp_state->auth_context);
with something along the lines of
x_fprintf(x_stdout, "AF %s%c%s\n", (char *)ntlmssp_state->domain,
winbind_separator(), (char *)ntlmssp_state->user);
?
Thanks,
Graeme.
Received on Thu Mar 18 2004 - 08:06:14 MST
This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST