[squid-users] Squid and nested groups in AD

From: <Markus.Rietzler@dont-contact.us>
Date: Fri, 19 Oct 2007 11:11:28 +0200

first the basics: we use squid 2.6stable16, samba/winbind 3.0.24.
squid is configured to use ntlm_auth via winbind. ntlm/winbind is used
for authentication; to restrict internet access (authorization) we use a
static export of nt/ad-groups via text file.

i am thinking of changing this to use wbinfo_group to skip the static
export. one reason is: we provide squid services for many subsidiaries.
each uses local groups, e.g. 001_surfer, 002_surfer, 003_surfer etc. in the
AD there is a nested group www_surfer, which contains 001_surfer and so
on. so a user who is a member of 001_surfer should also be a member of surfer. our
static export for each subsidiary only exports the 00x... groups.
wbinfo_group only checks against the 00x... groups. i don't get any OK when
checking against the group "surfer".

tried wbinfo: when doing wbinfo -r USERNAME i only get the 00x_surfer
groups but not the surfer group???

so the question is: how can i use ntlm_auth, winbind and wbinfo_group to
authorize against nested groups in a windows AD?

any hints?

thanks

markus
Received on Fri Oct 19 2007 - 03:11:37 MDT