Grund, Andreas wrote:
> I have a authorisation problem using external helper wbinfo_group.pl. We
> have 2 trusted domains DOM_A and DOM_B (NT4 Domains). Authorisation to
> DOM_A (squid server is member of DOM_A) works fine, but users belonging to
> DOM_B couldn't be authorized.
> For example: 'userB' belonging to group 'grpB' in domain 'DOM_B' tries to
> open a page. Now wbinfo_group gets 'DOM_B+userB grpB' and is sending 'ERR'
> to quid (could not lookup name).
> If the parameter would be 'DOM_B+userB DOM_B+grpB', everything would be
> fine (at least regarding my tests using wbinfo_group.pl directly from
> shell).
> # squid_auskunftD2 is global group in DOM_A
> acl _auskunftD1_user external NT_global_group squid_auskunftD1
> # squid_auskunftD2 is global group in DOM_B
> acl _auskunftD2_user external NT_global_group squid_auskunftD2
What if you changed these acls to be:
acl _auskunftD1_user external NT_global_group DOM_A+squid_auskunftD1
acl _auskunftD2_user external NT_global_group DOM_B+squid_auskunftD2
Adam
Received on Thu Dec 02 2004 - 17:37:44 MST
This archive was generated by hypermail pre-2.1.9 : Sat Jan 01 2005 - 12:00:01 MST