On Fri, 2005-09-30 at 09:28 -0700, Michael St. Laurent wrote:
> Hi all,
>
> I'm having trouble getting ntlm_auth working with the
> "--require-membership-of=" option. I did rebuild the Samba RPM so that it
> had the --enable-auth="ntlm,basic" and
> --enable-external-acl-helpers="wbinfo_group" settings. The command line
> test for the squid-2.5-basic protocol returns an "OK". The one using the
> squid-2.5-ntlmssp protocol returns what looks like a line that should be
> going to a log file and then a "BH". Any time that I add the
> --require-membership parameter to the ntlm_auth line in my squid.conf file
> it fails every time. Below are the config lines I'm using:
>
> # Experimental Domain Authentication
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> --require-membership-of=MERCURY\WebAccess

My gut feeling is to look at the \, and see if it is being interpreted as
an escape. That could make the group name fail to resolve.

The safer way (no nasty \ characters, and some safer startup semantics)
is to resolve the group to a SID first, and have
--require-membership-of=S-1-2....
This avoids doing the name->sid call at startup.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
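
The suggestion above, sketched as an added example (not part of the original message and not Samba's or Squid's own code): resolve the group to a SID once with `wbinfo -n`, validate it, and emit the `auth_param` line with the SID in place of the `DOMAIN\group` name. The function names are hypothetical, and the script assumes `wbinfo -n` prints the SID as the first field of its output.

```shell
#!/bin/sh
# Added example: pin ntlm_auth's group check to a SID so that no backslash
# has to survive squid.conf parsing and no name->SID lookup runs at startup.

# Extract the SID from one line of `wbinfo -n` output and validate its shape.
# Assumption: the SID is the first space-separated field; the type label
# that follows it differs between Samba versions and is ignored.
sid_from_wbinfo() {
    sid=${1%% *}
    if printf '%s\n' "$sid" | grep -Eq '^S-1-[0-9]+(-[0-9]+)+$'; then
        printf '%s\n' "$sid"
    else
        return 1    # an error message or empty output is not a SID
    fi
}

# Build the squid.conf line from the thread with the SID substituted.
auth_param_line() {
    printf 'auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=%s\n' "$1"
}

# Ask winbind for the SID of a DOMAIN\group name.
resolve_group() {
    out=$(wbinfo -n "$1") || return 1
    sid_from_wbinfo "$out"
}

# Only runs on a host joined to the domain; skipped where wbinfo is absent.
if command -v wbinfo >/dev/null 2>&1; then
    # Single quotes keep the shell itself from consuming the backslash.
    if group_sid=$(resolve_group 'MERCURY\WebAccess'); then
        auth_param_line "$group_sid"
    else
        echo "could not resolve group to a SID" >&2
    fi
fi
```

Paste the printed line into squid.conf as a single line and re-run the `ntlm_auth` command-line test before reloading Squid.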