[Samba] Multiple Group checking using ntlm_auth
Felipe Augusto van de Wiel
felipe at paranacidade.org.br
Mon Sep 18 13:34:32 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/12/2006 03:38 AM, Ian Barnes escreveu:
> Hi,
> We are running Squid version: 2.5.STABLE13 and Samba version: Version
> 3.0.21b
>
> We have it setup to use NTLM to check that the user belongs to a group
> within the domain. The need has arrisen to be able to support multiple
> groups. Is this possible?
Ok, I don't have a NTLM auth working but I have an idea. :)
> Our squid.conf section:
> auth_param ntlm program /ntlm_auth.sh ntlmssp
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> auth_param ntlm children 20
> auth_param ntlm use_ntlm_negotiate on
> auth_param basic program /ntlm_auth.sh basic
> auth_param basic children 20
> auth_param basic realm SERVER.DOMAIN.CO.ZA Cache NTLM Authentication
> auth_param basic credentialsttl 2 hours
>
> Our smb.conf:
> [global]
> winbind separator = +
> winbind cache time = 10
> workgroup=DOMAIN
> security=ads
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind use default domain = yes
> realm=SERVER.DOMAIN.CO.ZA
> client ntlmv2 auth=yes
>
> Our ntlm auth line ($W will be either basic or ntlmssp per the squid config
> file):
> /usr/local/bin/ntlm_auth
> --helper-protocol=squid-2.5-$W--require-membership-of='DOMAIN+webusers'
Is this a script? Can you pass a parameter to it? You could
easily pass the 'require-membership-of' as a parameter of your script.
> Now, I have a second group DOMAIN+managers that also needs to be allowed
> out
> and AD wont change it to have the same security group.
> Thanks,
> Ian
Kind regards,
- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFFDqBoCj65ZxU4gPQRAiQaAKCs1CXTVsdT7DK2JaBNq6NorI829gCfTH9e
/2YHoL9UqSs3CmhGMy0uSVY=
=C5pV
-----END PGP SIGNATURE-----
More information about the samba
mailing list