[Samba] Problems with 'ntlm_auth --require-membership-of' using Samba 3.0.6

Andrew Bartlett abartlet at samba.org
Wed Sep 8 13:15:33 GMT 2004


On Tue, 2004-09-07 at 23:08, Matt Doran wrote:
> Hi there,
> 
> I'm trying to configure Squid to use a windows domain for 
> authentication, and all goes well until I add the 
> "--require-membership-of" option on ntlm_auth.   I need to restrict 
> access based on group membership, however ntlm_auth does not seem to be 
> behaving correctly.  I'm using Samba 3.0.6 on Debian and I'm using a 
> Windows 2000 (SP4) Domain Controller.  I configured winbind as discussed 
> here: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5
> 
> ntlm_auth seems to report the membership of some groups correctly, but 
> incorrectly for others.

You are actually lucky it didn't segfault.  There are a number of logic
bugs, the fixes for which I think didn't make 3.0.6.  Try current SVN,
but I suspect we might need some extra code to correctly pick up the
universal groups.  (We know how to do it, so it's a simple matter of
programming - bug #1562.)

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040908/225e937f/attachment.bin


More information about the samba mailing list