Question on ntlm_auth tool
abartlet at samba.org
Thu Sep 9 23:22:44 GMT 2004
On Fri, 2004-09-10 at 09:05, Yimin Chen wrote:
> Hi Andrew,
> Thanks for the clarification!
> I was trying to evaluate which API I can use to do NTLM authentication
> and group authorization. ntlm_auth was the first one I was looking at,
> since it is the one squid uses. Since this protocol doesn't exist
> today, I can still use:
> winbindd_request(WINBINDD_GETGROUPS, &request, &response) to manually
> retrieve the group sids, right?
> Is there an API that I can use to retrieve a list of group names
> instead of group sids, given username?
I would strongly suggest you *don't* call winbindd directly. Firstly,
the getgroups is not an ideal call, due to posix conversions that occour
(if you want to match with windows groups, there are more points of
failure if you must first convert to posix uid/gid form).
But more seriously, the winbindd pipe interface changes, this is why I
added ntlm_auth - it was driving the squid team batty :-)
Work with me to add the extensions we require to ntlm_auth, and use
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040910/29a355b7/attachment.bin
More information about the samba-technical