[Samba] Trouble with ntlm_auth

Andrew Bartlett abartlet at samba.org
Mon Oct 3 04:26:36 GMT 2005


On Fri, 2005-09-30 at 09:28 -0700, Michael St. Laurent wrote:
> Hi all,
> 
> I'm having trouble getting ntlm_auth working with the
> "--require-membership-of=" option.  I did rebuild the Samba RPM so that it
> had the --enable-auth="ntlm,basic" and
> --enable-external-acl-helpers="wbinfo_group" settings.  The command line
> test for the squid-2.5-basic protocol returns an "OK".  The one using the
> squid-2.5-ntlmssp protocol returns what looks like a line that should be
> going to a log file and then a "BH".  Any time that I add the
> --require-membership parameter to the ntlm_auth line in my squid.conf file
> it fails every time.  Below are the config lines I'm using:
> 
> # Experimental Domain Authentication
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> --require-membership-of=MERCURY\WebAccess

My gut feeling is to look at the \, and see if it is being interpreted as
an escape.  That could make the group name fail to resolve.

The safer way (no nasty \ characters, and some safer startup semantics)
is to resolve the group to a SID first, and have
--require-membership-of=S-1-2....

This avoids doing the name->sid call at startup.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
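
One way to apply the SID suggestion above, as an added example that is not part of the original message: resolve the group once with `wbinfo -n`, check that the result is a well-formed SID, and emit the `auth_param` line with the SID in place of the `DOMAIN\group` name. The function names, the `WBINFO` override and the sample output in the comments are constructed for illustration, and the assumed output layout is the SID as the first field of the first line.

```shell
#!/bin/sh
# Added example: build a backslash-free ntlm_auth line for squid.conf.
# WBINFO may be overridden (hypothetical knob, used here for offline testing).
WBINFO=${WBINFO:-wbinfo}

# Pull the SID out of "wbinfo -n" output and validate its shape.
# Assumed layout (constructed sample):
#   S-1-5-21-1111111111-2222222222-3333333333-1105 Domain Group (2)
sid_from_wbinfo_output() {
    sid=$(printf '%s\n' "$1" | awk 'NR == 1 { print $1 }')
    # Reject anything that is not S-1-<digits>(-<digits>)+, e.g. an error message.
    printf '%s\n' "$sid" | grep -Eq '^S-1-[0-9]+(-[0-9]+)+$' || return 1
    printf '%s\n' "$sid"
}

# Resolve a group name to its SID through winbind.
group_to_sid() {
    out=$("$WBINFO" -n "$1") || return 1
    sid_from_wbinfo_output "$out"
}

# Emit the squid.conf line on a single line, using the SID as the membership test.
squid_ntlm_line() {
    printf 'auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=%s\n' "$1"
}

# Command-line use: pass the group in single quotes so the shell itself
# does not strip the backslash, e.g.  sh thisscript 'MERCURY\WebAccess'
if [ $# -gt 0 ]; then
    sid=$(group_to_sid "$1") || { echo "cannot resolve group: $1" >&2; exit 1; }
    squid_ntlm_line "$sid"
fi
```
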