similar to: NTLM_AUTH "require-membership-of" local groups?

Hola folks, How do I configure a share under Samba 2.2 using DOMAIN security to allow all members of a specified NT domain group access to a particular share? For example, something like: [test] comment = Test Share path = /mnt/share/test nt group = Nice-users, Wonderful Users Where Nice-users and Wonderful Users are NT domain groups? So if User X is a member of Nice-users, she would be

Hi there, I'm trying to configure Squid to use a windows domain for authentication, and all goes well until I add the "--require-membership-of" option on ntlm_auth. I need to restrict access based on group membership, however ntlm_auth does not seem to be behaving correctly. I'm using Samba 3.0.6 on Debian and I'm using a Windows 2000 (SP4) Domain Controller. I

Hi, The latest samba from sernet was installed on a new CentOS server. ntlm_auth is implemented with pptpd. ntlm_auth always return success whenever group, username and password are correct. No matter the user is in the group or not. Is it a bug or I missed something? The following is detail of my settings and testing result from command line. OS: CentOS 6.4 Samba version:

After parsing through the various bits of available documentation, I'm forced to bow before the group and ask the following Silly User Question: While I can create and set NT ACLs on files/folder, anything in the root of the share can be deleted by any user who has access to that share. I've munged something in my file permissions. What /should/ the file permissions for a root share

That is client setup. We have that under control. Our Linux users use Network Manager to connect and our Windows users use the stuff built into Windows. My problem is server-side. The server is a PPTP VPN (running via pptpd) and I have to add the lines below to make it work. plugin winbind.so ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1" Now, that allows ALL

Hi all, I'm having trouble getting ntlm_auth working with the "--require-membership-of=" option. I did rebuild the Samba RPM so that it had the --enable-auth="ntlm,basic" and --enable-external-acl-helpers="wbinfo_group" settings. The command line test for the squid-2.5-basic protocol returns an "OK". The one using the squid-2.5-ntlmssp protocol

I am not sure how to determine the separator, but 'which' shows "/usr/bin/ntlm_auth". I already ran it while on-site. Since it is broken, I cannot remote in. I will have to show up on-site again, possibly Thursday. Lead IT/IS Specialist Reach Technology FP, Inc On 10/27/2015 01:41 PM, Michael Wandel wrote: > Hey, > > On 27.10.2015 17:53, Ryan Ashley wrote: >>

Thank you, Rowland. I will be going by this afternoon and I will check. The thing is, if it IS "\", how do I enter that into the pptp-options file? The entire list of parameters are in quotes, so do I need a double-backslah or anything? Lead IT/IS Specialist Reach Technology FP, Inc On 10/27/2015 05:21 PM, Rowland Penny wrote: > On 27/10/15 21:05, Ryan Ashley wrote: >> I am

Hello all Im using a linux box running CentOS 4.1 as a proxy server with user auth with an AD Its working for a long time, but suddenly this weekend the users cant authenticate anymore looking on logs i obtain this Oct 10 08:29:59 sol (ntlm_auth): [2005/10/10 08:29:59, 0] utils/ntlm_auth.c:get_require_membership_sid(237) Oct 10 08:29:59 sol (ntlm_auth): Winbindd lookupname failed to resolve

Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba: > Dear All, > > I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. > > The errors I'm getting are to do with ntlm_auth not

Op 03-04-2023 om 16:05 schreef Tim ODriscoll via samba: > Dear All, > > I'm trying to setup FreeRADIUS to authenticate a machine account to grant access to wifi for domain-connected machines. I think I've got the GPO's set up properly and the CA deployed to the clients, as I'm not getting any errors there. > > The errors I'm getting are to do with ntlm_auth not

On Thu, 2018-09-27 at 12:27 +0200, L.P.H. van Belle via samba wrote: > Hai marco,  > > More info on squid config might help here and no smb.conf..  > Ahead of things...   > > And you better use something like this, change to negotiate auth. ( > and use SSO ).  > > auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \ >     --kerberos

I've not clear if is a squid or a samba/ntlm_auth trouble... indeed... In Squid i've added: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users' auth_param ntlm children 5 but in 'cache.log' i got: Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID! Winbindd

Hi, We are running Squid version: 2.5.STABLE13 and Samba version: Version 3.0.21b We have it setup to use NTLM to check that the user belongs to a group within the domain. The need has arrisen to be able to support multiple groups. Is this possible? Our squid.conf section: auth_param ntlm program /ntlm_auth.sh ntlmssp auth_param ntlm max_challenge_reuses 0 auth_param ntlm

Hello, I'm setting up (at least I try) to set up network services with single sign on. I could build and configure dovecat to use samba's ntlm_auth helper to achieve ntlm authentication of imap users. The point is, I wanted to restrict which users could actually authenticate through ntlm. The ntlm_auth helper has this ability with the --require-membership-of=... command line parameter. I

Jeremy, Thanks for this feedback. I will include this info as soon as I get a moment. Good work. - John T. --- John H Terpstra Samba-Team email: jht@samba.org > -------- Original Message -------- > Subject: TOSHARG: Samba ADS domain membership notes > From: "Jeremy Naylor" <jnaylor@gmail.com> > Date: Wed, October 13, 2004 5:27 am > To: jht@samba.org > > Hi

Rowland, I tried that already, but I made two break-throughs. First, I went to a location where it was working. I realized then that I had put in the SID for the PPTP group at that location. You know, the "S-1-15-xyz" number? Now while I was there, I noted that they were running 4.1 stable. I upgraded them to 4.3 stable. Guess what? The VPN broke! Something with ntlm_auth and 4.3 stable

Hi, I am using samba 3.2.2 with freeradius . I have joined the domain & able to authenticate users with ntlm_auth. If in ADS-2003 I configure the Remote Access Permission for the user ( User-properties->Dial-in ) as Deny then if I use the "ntlm_auth --username=user --password=password" I get NT_STATUS_OK. What could be the reason for this behavior , or is there any patch

Hi List, I'm running a heavily loaded squid server that uses ntlm_auth to provide NTLM authentication. As load has increased over time, I've found the need to increase the number of ntlm_auth processes available to squid as well as the "winbind max clients" value in the smb.conf file. This has worked well up until now but seems I've hit some sort of limit. If I keep the

Hello, I'm trying to authenticate PPP (in fact l2tp...) users with Active Directory (windows server 2003 DCs, mixed-mode domain) using winbind / ntlm_auth. I'm using Samba 3.0.22, PPP 2.4.3, Kerberos 1.3.6, with Trustix 2.2 What works : - krb5kinit (and krb5klist -e) - net ads join - wbinfo -u, wbinfo -g, wbinfo -a user%pwd, wbinfo -p, wbinfo -t and wbinfo -m - getent passwd and