[Samba] Trouble with ntlm_auth

Andrew Bartlett abartlet at samba.org
Mon Oct 3 04:26:36 GMT 2005

On Fri, 2005-09-30 at 09:28 -0700, Michael St. Laurent wrote:
> Hi all,
> I'm having trouble getting ntlm_auth working with the
> "--require-membership-of=" option.  I did rebuild the Samba RPM so that it
> had the --enable-auth="ntlm,basic" and
> --enable-external-acl-helpers="wbinfo_group" settings.  The command line
> test for the squid-2.5-basic protocol returns an "OK".  The one using the
> squid-2.5-ntlmssp protocol returns what looks like a line that should be
> going to a log file and then a "BH".  Any time that I add the
> --require-membership parameter to the ntlm_auth line in my squid.conf file
> it fails every time.  Below are the config lines I'm using:
> # Experimental Domain Authentication
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> --require-membership-of=MERCURY\WebAccess

My gut feeling is to look at the \, and see if is being interpreted as
an escape.  That could make the group name fail to resolve.  

The safer way (no nasty \ characters, and some safer startup semantics)
is to resolve the group to a SID first, and have

This avoids doing the name->sid call at startup.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20051003/f3e28ce3/attachment.bin

More information about the samba mailing list