[Samba] Winbind problem when exec freeradius

Andrew Bartlett abartlet at samba.org
Mon May 16 07:38:38 GMT 2005

On Mon, 2005-05-16 at 09:28 +0200, Javier Jimenez wrote:
> Hil list!
>   I'm trying to authenticate Active Directory Users via freeradius. I
> can do it in a general case (user and domain) without
> problem. Now I have to do it restricting the authentication to the
> members of a group.

> Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=javi2
> --require-membership-of='AAMM\MyGroup'  --domain=AAMM
> --challenge=6b480cf181ded625
> --nt-response=bce392db1fcd91380690317e7cd1228e78940576d78fde21
> [2005/05/16 09:05:57, 0] utils/ntlm_auth.c:get_require_membership_sid
> (237)
>  Winbindd lookupname failed to resolve 'AAMM\MyGroup' into a SID!

Looking at the source, the issue appears to be the quotes.  FreeRadius
does not go via a shell, which means that the ' characters are not
stripped off.  (The ntlm_auth source shows that this debug message is
printed without any quotes, which means you supplied them)

> Does anybody know why could it be happening? Thanks in advance for any help!!
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050516/d0f541e4/attachment.bin

More information about the samba mailing list