Question on ntlm_auth tool

Yimin Chen ymchen at
Thu Sep 9 23:18:47 GMT 2004

Hi Andrew,

Thanks for the clarification!

I was trying to evaluate which API I can use to do NTLM authentication 
and group authorization. ntlm_auth was the first one I was looking at, 
since it is the one squid uses. Since this protocol doesn't exist today, 
I can still use:
  winbindd_request(WINBINDD_GETGROUPS, &request, &response) to manually 
retrieve the group sids, right?

Is there an API that I can use to retrieve a list of group names instead 
of group sids, given username?


Andrew Bartlett wrote:
> On Fri, 2004-09-10 at 08:13, Yimin Chen wrote:
>>I am looking at the man page of ntlm_auth tool, and didn't find an 
>>option to retrieve group information of the user. Does this mean only if 
>>we pass the group access list information for the API to match group 
>>information internally, that we can make use of the tool to do NTLM 
>>authentcation + group access list?
> I am quite willing to add a new protocol that exports the group lists,
> or potentially (in consultation with the squid team) add this additional
> features to the existing squid-2.5-ntlmssp 'protocol'.
> The information is all there, as you know, so it would not be a big
> patch to pull out a string-converted list of SIDs.
> (I would do this by passing them in the 'extra_data' of the winbindd
> pipe protocol, separated from the username by a NULL, for example).
> Andrew Bartlett

More information about the samba-technical mailing list