[Samba] Apache, Winbind and NT Domain Groups
Vanderborght Peter
peter.vanderborght at capco.com
Thu Apr 25 05:47:11 GMT 2002
Strange, 'cause here it's really not behaving like it should.
-----Original Message-----
From: Stian B. Barmen [mailto:stian at barmen.nu]
Sent: Thursday, April 25, 2002 1:27 PM
To: 'Vanderborght Peter'; 'SAMBA LIST (E-mail)'
Subject: RE: [Samba] Apache, Winbind and NT Domain Groups
Hi!
I have winbind on a Mandrake 8.2 computer with samba-2.2.3a installed
with urpmi, precompiled. I also addeded winbind via urpmi. On my
computer this setup has not caused me any unstability.
I use the machine for logging on to a w2k domain with ssh.
Regards
Stian B. Barmen
-----Original Message-----
From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]
On Behalf Of Vanderborght Peter
Sent: 25. april 2002 13:04
To: SAMBA LIST (E-mail)
Subject: [Samba] Apache, Winbind and NT Domain Groups
Hi all,
I'm having a stability problem with winbind when I try to resolve NT
groups.
Allow me to explain my application:
I've got a Mandrake 8.1 box running Samba 2.2.3a (downloaded and
compiled
myself) and Apache 1.3.
I'm building a web application for use within our company that needs to
be
accessible ONLY to users in certain NT groups.
To do this, I'm authenticating in 2 parts:
- First I use the perl module Apache-AuthenNTLM to check that
the
user is a valid user in our domain and the password is correct.
- Then I use Apache-AuthzPasswd (a bit modified) which uses the
getgrgid() call to get the list of all users in a certain group.
This works because I have Winbind set up so I can resolve my
NT
groups on the linux box.
The problem I have is that Winbind seems to misbehave in about 10% of
all
requests.
What I have is either
- The list of users in a group is incomplete
- I get a "Group does not exist" error code back
This phenomenon is the same when -- in a unix shell -- I do "id
DOM_User"
(I've got my Winbind separator set to _).
AND when I get this issue for a specific user, then it stays that way
for
that user until I restart Winbindd...
I've tried fiddling with "winbind cache time, winbind enum groups and
winbind enum users" which seems to affect the issue somewhat, but never
to a
point that it's
completely resolved. (Eg. setting 'winbind enum groups = no' makes that
it
doesn't work in 90%¨of the cases)
Any help would be greatly appreciated!
Regards,
Peter
************************************************************************
The information in this email is confidential and is intended solely
for the addressee(s).
Access to this email by anyone else is unauthorised. If you are not
an intended recipient, please notify the sender of this email
immediately. You should not copy, use or disseminate the
information contained in the email.
Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be
the views of Capco.
http://www.capco.com
***********************************************************************
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
************************************************************************
The information in this email is confidential and is intended solely
for the addressee(s).
Access to this email by anyone else is unauthorised. If you are not
an intended recipient, please notify the sender of this email
immediately. You should not copy, use or disseminate the
information contained in the email.
Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be
the views of Capco.
http://www.capco.com
***********************************************************************
More information about the samba
mailing list