[Samba] NTLM_AUTH "require-membership-of" local groups?

Andrew Bartlett abartlet at samba.org
Tue Dec 21 20:41:06 GMT 2004


On Wed, 2004-12-15 at 10:52 -0500, Sorisio, Chris wrote:
> I'm running Samba 3.0.9 on Fedora Core.
> 
> I can authenticate against global groups via ntlm_auth, but authentication
> against local groups fails.
> 
> Our network consists of multiple NT 4.0 domains.
> 
> 1.  Can ntlm_auth authenticate against local groups, or is it limited to
> global groups?

Currently global groups.  I never got my head around the implementation
of local groups in winbindd to hook them in properly.  It should not be
hard, but it just needs to be done.  (We just need to expand the group
list before we start the required-membership check).

> 2.  Can multiple global groups be designated as arguments to
> 'require-membership-of' in an 'OR' fashion?  (If the user is a member of any
> of the listed groups, the check succeeds.

No, it's a one-group wonder.  Perhaps you really want a squid ACL?  (I
presume this is for squid).

Andrew Bartlett

-- 
Andrew Bartlett <abartlet at samba.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20041222/3259d278/attachment.bin


More information about the samba mailing list