Re(2): [squid-users] wb_group issues

From: Roman Rathler <Roman.Rathler@dont-contact.us>
Date: Thu, 29 Apr 2004 11:08:51 +0200 (METDST)

Begin forwarded Message from Roman Rathler,
Thu, 29 Apr 2004 11:06:01 +0200 (METDST):
Hi,

in the meanwhile i got it running using the wbinfo_group.pl helper.
There is a bug in the perl script that comes with the fedora package
squid-2.5.STABLE3-1.fc1 when it tries converting groupSID to groupGID...

the result of $groupSID (wbinfo -n groupname) is:

S-1-5-21-515967xxx-1078145xxx-1708537xxx-1236 Domain Group (2)

the perl script expects it just to be the SID -> here is my workaround
for the perl script (i do not program perl normally so this code could
for shure look nicer):

sub check {
local($user, $group) = @_;
$groupSID = `wbinfo -n "$group"`;
chop $groupSID;

>> @hugo = split(/ /, $groupSID);
>> $groupGID = `wbinfo -Y $hugo[0]`;

chop $groupGID;
&debug( "User: -$user-\nGroup: -$group-\nSID: -$groupSID-\nGID:
-$groupGID-");
return 'OK' if(`wbinfo -r \Q$user\E` =~ /^$groupGID$/m);
return 'ERR';
}

don't know wheter this was already fixed in the squid distribution...

best regards,
roman

Henrik Nordstrom <hno@squid-cache.org> writes on
Wed, 28 Apr 2004 17:39:11 +0200 (METDST):

> On Wed, 28 Apr 2004, Roman Rathler wrote:
>
>
> > I have a squid up and running with samba-3 using the fedora

packages

> > (squid-2.5.STABLE3-1.fc1). authentication against the ads works

fine

> > from squid for basic and ntlm authentication. now i want to build

some

> > acls using groups from the active directory.
> >
> > I tried unsing wb_group helper with syntax like this:
>
> wb_group is only valid for use with Samba-2.2.X. For Samba-3 you need
> to
> use the wbinfo_group helper.
>
> Regards
> Henrik
>

___________________________________________________
Stay Tuned For PocketBeats
http://pocketbeats.net/
Received on Thu Apr 29 2004 - 03:08:59 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:03 MDT