Question on ntlm_auth tool

Andrew Bartlett abartlet at samba.org
Thu Sep 9 23:22:44 GMT 2004


On Fri, 2004-09-10 at 09:05, Yimin Chen wrote:
> Hi Andrew,
> 
> Thanks for the clarification! 
> 
> I was trying to evaluate which API I can use to do NTLM authentication
> and group authorization. ntlm_auth was the first one I was looking at,
> since it is the one squid uses. Since this protocol doesn't exist
> today, I can still use:
>  winbindd_request(WINBINDD_GETGROUPS, &request, &response) to manually
> retrieve the group sids, right? 
> 
> Is there an API that I can use to retrieve a list of group names
> instead of group sids, given username?

I would strongly suggest you *don't* call winbindd directly.  Firstly,
the getgroups is not an ideal call, due to posix conversions that occour
(if you want to match with windows groups, there are more points of
failure if you must first convert to posix uid/gid form).  

But more seriously, the winbindd pipe interface changes, this is why I
added ntlm_auth - it was driving the squid team batty :-)

Work with me to add the extensions we require to ntlm_auth, and use
that.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040910/29a355b7/attachment.bin


More information about the samba-technical mailing list