[Samba] Re: ntml_auth --require-membership-of
simonj
simonj at gmail.com
Wed Mar 1 22:30:47 GMT 2006
Hey guys,
I have found that using a + as the seperator opposed to the slash in the
group name works.
IE: Sending "company+user pass" to
ntlm_auth --helper-protocol=squid-2.5-basic
--require-membership-of="company\internet"
returns
Could not parse company/internet into seperate domain/name parts!
but sending it to
ntlm_auth --helper-protocol=squid-2.5-basic
--require-membership-of="company+internet"
returns OK
I found this after looking through ntlm_auth.c and finding that it relies on
winbindd to provide the serperator. This maybe platform dependant, I have
not dug deeper.
The Man page is what thru me here as it states to use a backslash as the
seperator in the example.
Cheers,
Simon Woodward.
Andrew Bartlett wrote:
>
> On Thu, 2006-01-19 at 12:42 -0600, Rex Dieter wrote:
>> Andrew Bartlett wrote:
>> > On Wed, 2006-01-18 at 10:21 -0600, Rex Dieter wrote:
>> >
>> >>Rex Dieter wrote:
>> >>
>> >>>Rex Dieter wrote:
>>
>> >>>>I'm having trouble getting ntml_auth to recognize ActiveDirectory
>> >>>>groups that aren't in AD\Users. In particular, we've a few groups in
>> >>>>our department OU that I'd like to be able to use. If I specify any
>> >>>>of our OU-specific groups, using something like:
>> >>>># ntlm_auth --username=foo --require-membership-of="AD\OUGroup1"
>> >>>>password:
>> >>>>I get:
>> >>>>Winbindd lookupname failed to resolve AD\OUGroup1 into a SID!
>>
>> >>>Turns out using
>> >>>wbinfo --name-to-sid=OUGroup1
>>
>> >>So my question is: why can wbinfo resolve the name to a SID, but
>> >>ntlm_auth can't?
>>
>> > Sometimes this is a problem of timing, as ntlm_auth does this when
>> squid
>> > is starting.
>>
>> I'm skeptical. I repeated this on several occasions on several
>> different boxes. ntlm-auth *always* failed the same way when trying to
>> resolve Groups not in the top-level AD\Users OU.
>
> Interesting. It should be asking the same question as wbinfo -n....
>
> Can you chase this down a bit more, with the current code, and file a
> bug?
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Student Network Administrator, Hawker College http://hawkerc.net
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
--
View this message in context: http://www.nabble.com/ntml_auth---require-membership-of-t945220.html#a3193055
Sent from the Samba - General forum at Nabble.com.
More information about the samba
mailing list