[Samba] Problems with 'ntlm_auth --require-membership-of' (samba:
message 1 of 10) using Samba 3.0.6
samba.10.matt_doran at spamgourmet.com
Sun Sep 19 09:08:59 GMT 2004
I didn't have the time to compile and test the pre-3.0.7 releases, but
just did some testing on the 3.0.7 release.... and it looks good.
The ntlm_auth "--require-membership-of" option appears to work as
expected. This will make it really easy to use squid in fairly
sophisticated access policy.
Thanks for your help,
PaperCut Software Pty. Ltd.
Andrew Bartlett - abartlet at samba.org wrote:
>On Tue, 2004-09-07 at 23:08, Matt Doran wrote:
>>I'm trying to configure Squid to use a windows domain for
>>authentication, and all goes well until I add the
>>"--require-membership-of" option on ntlm_auth. I need to restrict
>>access based on group membership, however ntlm_auth does not seem to be
>>behaving correctly. I'm using Samba 3.0.6 on Debian and I'm using a
>>Windows 2000 (SP4) Domain Controller. I configured winbind as discussed
>>ntlm_auth seems to report the membership of some groups correctly, but
>>incorrectly for others.
>You are actually lucky it didn't segfault. There are a number of logic
>bugs, the fixes for which I think didn't make 3.0.6. Try current SVN,
>but I suspect we might need some extra code to correctly pick up the
>universal groups. (We know how to do it, so it's a simple matter of
>programming - bug #1562.)
More information about the samba