We had an issue where with two NT domains that trusted one another, the
users would not get authenticated to the cache unless they were members of
the same domain that held the squid server. What we found was that a
trusted domain would return DOMAIN+USERNAME rather than DOMAIN/USERNAME so
that the domain would not get stripped before being presented. Here's an
enhancement that seems to work. This is in squid_ldap_group.c
if (user && strip_nt_domain) {
char *u = strchr(user, '\\');
if (!u)
u = strchr(user, '/');
/*Addition to allow trusted domains*/
if (!u)
u = strchr(user, '+');
/*end of addition*/
if (u && u[1])
user = u + 1;
}
Sam
Received on Tue Apr 06 2004 - 14:18:25 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:01 MDT