I'm having trouble getting ntlm_auth to recognize ActiveDirectory groups that aren't in AD\Users. In particular, we've a few groups in our department OU that I'd like to be able to use. If I specify any of our OU-specific groups, using something like:

    # ntlm_auth --username=foo --require-membership-of="AD\OUGroup1"
    password:

I get:

    Winbindd lookupname failed to resolve AD\OUGroup1 into a SID!

Am I doing something wrong, or is this a bug in ntlm_auth?

-- Rex

Rex Dieter wrote:
> I'm having trouble getting ntlm_auth to recognize ActiveDirectory groups
> that aren't in AD\Users. In particular, we've a few groups in our
> department OU that I'd like to be able to use. If I specify any of our
> OU-specific groups, using something like:
> # ntlm_auth --username=foo --require-membership-of="AD\OUGroup1"
> password:
> I get:
> Winbindd lookupname failed to resolve AD\OUGroup1 into a SID!

Turns out using

    wbinfo --name-to-sid=OUGroup1

and using the resulting SID instead of name in

    # ntlm_auth --username=foo --require-membership-of=S-1-...

works. ??

-- Rex
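
The workaround from the reply above, written as a script. This is an added example, not part of the original thread: the function names and the sample SID are constructed, and it assumes the SID is the first field of the `wbinfo --name-to-sid` output.

```shell
#!/bin/sh
# Added example: resolve a group name to a SID with wbinfo, then hand the SID
# (not the name) to ntlm_auth --require-membership-of.

# Extract and validate the SID from `wbinfo --name-to-sid` output.
# Assumption: the SID is the first whitespace-separated field; the type label
# that follows it is ignored because its wording varies between versions.
sid_from_wbinfo() {
    sid=$(printf '%s\n' "$1" | awk 'NR==1 {print $1}')
    # Accept only S-1-<authority>-<sub-authority>[-...], digits only, so an
    # error message or empty output is never passed on as a group restriction.
    if printf '%s\n' "$sid" | grep -Eq '^S-1-[0-9]+(-[0-9]+)+$'; then
        printf '%s\n' "$sid"
    else
        return 1
    fi
}

# check_member USER GROUP
# Fails closed (exit status 2) if the group cannot be resolved to a SID;
# otherwise returns ntlm_auth's own exit status. ntlm_auth prompts for the
# password itself, as in the original command.
check_member() {
    out=$(wbinfo --name-to-sid="$2") || {
        echo "wbinfo could not resolve '$2'" >&2
        return 2
    }
    sid=$(sid_from_wbinfo "$out") || {
        echo "unexpected wbinfo output: $out" >&2
        return 2
    }
    ntlm_auth --username="$1" --require-membership-of="$sid"
}

# Constructed sample of wbinfo output (not a real SID), parsed offline.
SAMPLE='S-1-5-21-1111111111-2222222222-3333333333-1105 SID_DOM_GROUP (2)'
sid_from_wbinfo "$SAMPLE"
```

On a host joined to the domain, `check_member foo OUGroup1` performs the same two steps as the reply.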