[Samba] Multiple Group checking using ntlm_auth

Ian Barnes barnracoon at gmail.com
Tue Sep 12 06:38:43 GMT 2006


Hi,

We are running Squid version:  2.5.STABLE13 and Samba version: Version
3.0.21b

We have it set up to use NTLM to check that the user belongs to a group
within the domain. The need has arisen to be able to support multiple
groups. Is this possible?

Our squid.conf section:
auth_param ntlm program /ntlm_auth.sh ntlmssp
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm children 20
auth_param ntlm use_ntlm_negotiate on
auth_param basic program /ntlm_auth.sh basic
auth_param basic children 20
auth_param basic realm SERVER.DOMAIN.CO.ZA Cache NTLM Authentication
auth_param basic credentialsttl 2 hours

Our smb.conf:
[global]
winbind separator = +
winbind cache time = 10
workgroup=DOMAIN
security=ads
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
realm=SERVER.DOMAIN.CO.ZA
client ntlmv2 auth=yes

Our ntlm auth line ($W will be either basic or ntlmssp per the squid config
file):
/usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-$W --require-membership-of='DOMAIN+webusers'


Now, I have a second group DOMAIN+managers that also needs to be allowed out
and AD won't change it to have the same security group.

Thanks,
Ian

