Question on ntlm_auth tool

Yimin Chen ymchen at cisco.com
Thu Sep 9 23:05:50 GMT 2004


Hi Andrew,

Thanks for the clarification!

I was trying to evaluate which API I can use to do NTLM authentication and 
group authorization. ntlm_auth was the first one I was looking at, since it 
is the one squid uses. Since this protocol doesn't exist today, I can still 
use:
  winbindd_request(WINBINDD_GETGROUPS, &request, &response) to manually 
retrieve the group sids, right?

Is there an API that I can use to retrieve a list of group names instead of 
group sids, given a username?


Thanks!
Yimin

At 08:50 AM 9/10/2004 +1000, Andrew Bartlett wrote:
>On Fri, 2004-09-10 at 08:13, Yimin Chen wrote:
> > Hi,
> >
> > I am looking at the man page of ntlm_auth tool, and didn't find an
> > option to retrieve group information of the user. Does this mean only if
> > we pass the group access list information for the API to match group
> > information internally, that we can make use of the tool to do NTLM
> > authentication + group access list?
>
>I am quite willing to add a new protocol that exports the group lists,
>or potentially (in consultation with the squid team) add this additional
>feature to the existing squid-2.5-ntlmssp 'protocol'.
>
>The information is all there, as you know, so it would not be a big
>patch to pull out a string-converted list of SIDs.
>
>(I would do this by passing them in the 'extra_data' of the winbindd
>pipe protocol, separated from the username by a NULL, for example).
>
>Andrew Bartlett
>
>--
>Andrew Bartlett                                 abartlet at samba.org
>Authentication Developer, Samba Team            http://samba.org
>Student Network Administrator, Hawker College   abartlet at hawkerc.net