Neil Gaskell wrote:
> Hi,
>
> I'm new to the list so I hope I'm not asking one of those questions
> that gets asked ten times a week :)
>
> I'm running Squid 2.5 Stable with Samba 3.03 on Fedora core 2.
>
> I set it up by reading the NTLM/winbind sections in the FAQ, which
> also roughly corresponds with some other people's squid.conf's I googled.
>
> Winbind is working, ntlm_auth tests OK and NTLM authentication via IE
> works fine for domain users (2K AD). But of course, I want to
> authenticate based on group membership not just plain domain
> membership. wbinfo_group.pl seems to be working - I can manually feed
> it usernames or 'domain+username' and groupnames and get the correct
> responses.
>
> Fine so far.... but when squid speaks to wbinfo_group.pl the script
> only sees the domain name and the group to be queried, not the
> username (according to its debug output). Hence it allways returns ERR.
>
> I've tried setting the winbind separator to '+' but this doesnt seem
> to have made a difference. To be honest I've only been using linux for
> a few months so this has all taken me quite a while and I'm running
> out of time I can spend on this - I'm hoping someone out there can
> suggest something.
>
Cracked it now I think. I was using the wrong ntlm_auth module, now I'm
using the one in /usr/bin (that came with samba?) and its passing the
right info to wbinfo_group.pl.
Neil
Received on Mon Jul 25 2005 - 09:42:05 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:03 MDT