[Samba] Problems with 'ntlm_auth --require-membership-of'
using Samba 3.0.6
Andrew Bartlett
abartlet at samba.org
Wed Sep 8 13:15:33 GMT 2004
On Tue, 2004-09-07 at 23:08, Matt Doran wrote:
> Hi there,
>
> I'm trying to configure Squid to use a windows domain for
> authentication, and all goes well until I add the
> "--require-membership-of" option on ntlm_auth. I need to restrict
> access based on group membership, however ntlm_auth does not seem to be
> behaving correctly. I'm using Samba 3.0.6 on Debian and I'm using a
> Windows 2000 (SP4) Domain Controller. I configured winbind as discussed
> here: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5
>
> ntlm_auth seems to report the membership of some groups correctly, but
> incorrectly for others.
You are actually lucky it didn't segfault. There are a number of logic
bugs, the fixes for which I think didn't make 3.0.6. Try current SVN,
but I suspect we might need some extra code to correctly pick up the
universal groups. (We know how to do it, so it's a simple matter of
programming - bug #1562.)
Andrew Bartlett
--
Andrew Bartlett abartlet at samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040908/225e937f/attachment.bin
More information about the samba
mailing list