[Samba] Problems with 'ntlm_auth --require-membership-of' (samba:
message 1 of 10) using Samba 3.0.6
Matt Doran
samba.10.matt_doran at spamgourmet.com
Sun Sep 19 09:08:59 GMT 2004
Andrew,
I didn't have the time to compile and test the pre-3.0.7 releases, but
just did some testing on the 3.0.7 release.... and it looks good.
The ntlm_auth "--require-membership-of" option appears to work as
expected. This will make it really easy to use squid in fairly
sophisticated access policy.
Thanks for your help,
--
Matt Doran
PaperCut Software Pty. Ltd.
Web: http://www.papercut.biz
Blog: http://blogs.papercutsoftware.com/matt.doran/
Andrew Bartlett - abartlet at samba.org wrote:
>On Tue, 2004-09-07 at 23:08, Matt Doran wrote:
>
>
>>Hi there,
>>
>>I'm trying to configure Squid to use a windows domain for
>>authentication, and all goes well until I add the
>>"--require-membership-of" option on ntlm_auth. I need to restrict
>>access based on group membership, however ntlm_auth does not seem to be
>>behaving correctly. I'm using Samba 3.0.6 on Debian and I'm using a
>>Windows 2000 (SP4) Domain Controller. I configured winbind as discussed
>>here: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5
>>
>>ntlm_auth seems to report the membership of some groups correctly, but
>>incorrectly for others.
>>
>>
>
>You are actually lucky it didn't segfault. There are a number of logic
>bugs, the fixes for which I think didn't make 3.0.6. Try current SVN,
>but I suspect we might need some extra code to correctly pick up the
>universal groups. (We know how to do it, so it's a simple matter of
>programming - bug #1562.)
>
>Andrew Bartlett
>
>
>
More information about the samba
mailing list