Sorisio, Chris
2004-Dec-15 15:53 UTC
[Samba] NTLM_AUTH "require-membership-of" local groups?
I'm running Samba 3.0.9 on Fedora Core. I can authenticate against global groups via ntlm_auth, but authentication against local groups fails. Our network consists of multiple NT 4.0 domains. 1. Can ntlm_auth authenticate against local groups, or is it limited to global groups? 2. Can multiple global groups be designated as arguments to 'require-membership-of' in an 'OR' fashion? (If the user is a member of any of the listed groups, the check succeeds. We're going to consolidate our domains "someday", but for now I'm stuck with about six. Thanks, Chris
Andrew Bartlett
2004-Dec-21 20:41 UTC
[Samba] NTLM_AUTH "require-membership-of" local groups?
On Wed, 2004-12-15 at 10:52 -0500, Sorisio, Chris wrote:> I'm running Samba 3.0.9 on Fedora Core. > > I can authenticate against global groups via ntlm_auth, but authentication > against local groups fails. > > Our network consists of multiple NT 4.0 domains. > > 1. Can ntlm_auth authenticate against local groups, or is it limited to > global groups?Currently global groups. I never got my head around the implementation of local groups in winbindd to hook them in properly. It should not be hard, but it just needs to be done. (We just need to expand the group list before we start the required-membership check).> 2. Can multiple global groups be designated as arguments to > 'require-membership-of' in an 'OR' fashion? (If the user is a member of any > of the listed groups, the check succeeds.No, it's a one-group wonder. Perhaps you really want a squid ACL? (I presume this is for squid). Andrew Bartlett -- Andrew Bartlett <abartlet@samba.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20041222/3259d278/attachment.bin