[Samba] Re: ntlm_auth --require-membership-of

Rex Dieter rdieter at math.unl.edu
Thu Jan 19 18:42:04 GMT 2006


Andrew Bartlett wrote:
> On Wed, 2006-01-18 at 10:21 -0600, Rex Dieter wrote:
> 
>>Rex Dieter wrote:
>>
>>>Rex Dieter wrote:

>>>>I'm having trouble getting ntlm_auth to recognize Active Directory 
>>>>groups that aren't in AD\Users.  In particular, we've a few groups in 
>>>>our department OU that I'd like to be able to use.  If I specify any 
>>>>of our OU-specific groups, using something like:
>>>># ntlm_auth --username=foo --require-membership-of="AD\OUGroup1"
>>>>password:
>>>>I get:
>>>>Winbindd lookupname failed to resolve AD\OUGroup1 into a SID!

>>>Turns out using
>>>wbinfo --name-to-sid=OUGroup1

>>So my question is: why can wbinfo resolve the name to a SID, but 
>>ntlm_auth can't?

> Sometimes this is a problem of timing, as ntlm_auth does this when squid
> is starting.

I'm skeptical.  I repeated this on several occasions on several 
different boxes.  ntlm_auth *always* failed the same way when trying to 
resolve Groups not in the top-level AD\Users OU.

-- rex

