[Samba] winbindd lookup failure
Kevin Kobb
kkobb at skylinecorp.com
Thu May 13 20:31:17 GMT 2004
Hello all,
I am Samba to authenticate users in Windows 2000 AD to a Squid proxy
server. I have Red Hat 9, Samba 3.04, and Squid 2.5 Stable3.
I have followed the FAQs and docs as closely as possible, and everything
went pretty much without a problem. The only hangup I am having is
trying to restrict access to the proxy to members of a single AD group.
In my squid.conf I have,
auth_param ntlm program /usr/bin/ntlm_auth \
--helper-protocol=squid-2.5-ntlmssp
that works fine.
In the Samba docs they indicate you can do this,
auth_param ntlm program /usr/bin/ntlm_auth \
--helper-protocol=squid-2.5-ntlmssp \
--require-membership-of='DOMAIN/Group'
When I try that though, I get these errors in cache.log
utils/ntlm_auth.c:get_require_membership_sid(237)
Winbindd lookupname failed to resolve 'DOMAIN/Group' into a SID!
If I do wbinfo -n Group, I get a sid and wbinfo -s "sid" gives me the group.
I have gone through mailing list and seen some people that indicate you
can use an external helper like wbinfo_group.pl, but I just wondered if
second squid.conf setting I got from the Samba docs is known to work, or
if there is something else I need to look at?
More information about the samba
mailing list