[Samba] Multiple Group checking using ntlm_auth

Ian Barnes barnracoon at gmail.com
Tue Sep 12 06:38:43 GMT 2006


We are running Squid version:  2.5.STABLE13 and Samba version: Version

We have it set up to use NTLM to check that the user belongs to a group
within the domain. The need has arisen to be able to support multiple
groups. Is this possible?

Our squid.conf section:
auth_param ntlm program /ntlm_auth.sh ntlmssp
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm children 20
auth_param ntlm use_ntlm_negotiate on
auth_param basic program /ntlm_auth.sh basic
auth_param basic children 20
auth_param basic realm SERVER.DOMAIN.CO.ZA Cache NTLM Authentication
auth_param basic credentialsttl 2 hours

Our smb.conf:
winbind separator = +
winbind cache time = 10
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
client ntlmv2 auth=yes

Our ntlm auth line ($W will be either basic or ntlmssp per the squid config

Now, I have a second group DOMAIN+managers that also needs to be allowed out
and AD won't change it to have the same security group.

