[Samba] winbindd lookup failure

[Kevin Kobb]

Hello all,

I am Samba to authenticate users in Windows 2000 AD to a Squid proxy 
server. I have Red Hat 9, Samba 3.04, and Squid 2.5 Stable3.

I have followed the FAQs and docs as closely as possible, and everything 
went pretty much without a problem. The only hangup I am having is 
trying to restrict access to the proxy to members of a single AD group.

In my squid.conf I have,

auth_param ntlm program /usr/bin/ntlm_auth \ 
         --helper-protocol=squid-2.5-ntlmssp

that works fine.

In the Samba docs they indicate you can do this,
auth_param ntlm program /usr/bin/ntlm_auth \ 
         --helper-protocol=squid-2.5-ntlmssp \
--require-membership-of='DOMAIN/Group'

When I try that though, I get these errors in cache.log

utils/ntlm_auth.c:get_require_membership_sid(237)
   Winbindd lookupname failed to resolve 'DOMAIN/Group' into a SID!

If I do wbinfo -n Group, I get a sid and wbinfo -s "sid" gives me the group.

I have gone through mailing list and seen some people that indicate you 
can use an external helper like wbinfo_group.pl, but I just wondered if 
second squid.conf setting I got from the Samba docs is known to work, or 
if there is something else I need to look at?