[Samba] [OT?] passing group name with spaces to ntlm_auth...

L.P.H. van Belle belle at bazuin.nl
Thu Sep 27 10:27:49 UTC 2018


Hai Marco, 

More info on squid config might help here and no smb.conf.. 
Ahead of things...  

And you'd better use something like this: change to negotiate auth (and use SSO). 

auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
    --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy1.internal.domain.tld@REALM \
    --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOM
# Or, if you don't have the SPN set, use this as the --kerberos line instead:
#     --kerberos /usr/lib/squid/negotiate_kerberos_auth -r -i -s GSS_C_NO_NAME \

And use ldap for the groups. Amos explains these things better than me ;-) 
Google this : [squid-users] external_acl_type LDAP for acl NOT related to auth
And Re: [squid-users] Any suggestions or comments about my configuration? squid 3.5.20
And you have a good group example ;-), 2 recently answered questions with some very good group examples. 


Greetz, 

Louis



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Marco Gaiarin via samba
> Sent: Thursday 27 September 2018 12:12
> To: samba at lists.samba.org
> Subject: [Samba] [OT?] passing group name with spaces to ntlm_auth...
> 
> 
> It's not clear to me if this is a squid or a samba/ntlm_auth problem... indeed...
> 
> In Squid I've added:
> 
> 	auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users'
> 	auth_param ntlm children 5
> 
> but in 'cache.log' I got:
> 
> 	Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID!
> 	Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID!
> 
> I've tried some escape techniques for the space character, but with no luck. Leaving simply:
> 
> 	auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG
> 
> works.
> 
> 
> Is there any hint? Thanks.
> 
> -- 
> dott. Marco Gaiarin				        GNUPG 
> Key ID: 240A3D66
>   Associazione ``La Nostra Famiglia''          
> http://www.lanostrafamiglia.it/
>   Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al 
> Tagliamento (PN)
>   marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   
> f +39-0434-842797
> 
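
Added example, not part of either message: the cache.log line quoted above shows the leading quote kept and the group name cut at the space, which is what plain whitespace splitting of the helper command line would produce. Assuming that splitting behaviour (inferred from the log, not confirmed in this thread), the Python below lints squid.conf text for helper arguments broken this way; SAMPLE_CONF and all function names are constructed for illustration.

```python
# Constructed sample: the auth_param directive from the quoted message,
# written on one line as it would appear in squid.conf.
SAMPLE_CONF = r"""
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users'
auth_param ntlm children 5
"""

def logical_lines(text):
    """Yield directives with backslash continuations joined, comments dropped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line, buf = (buf + line).strip(), ""
        if line:
            yield line

def helper_argv(directive):
    """argv the helper would receive, ASSUMING plain whitespace splitting with
    quote characters passed through literally (inferred from cache.log)."""
    words = directive.split()
    if len(words) >= 4 and words[0] == "auth_param" and words[2] == "program":
        return words[3:]
    return None

def split_fragments(argv):
    """Tokens holding an unbalanced quote, i.e. pieces of one quoted argument."""
    return [a for a in argv if a.count("'") % 2 or a.count('"') % 2]

def lint(text):
    """Map each affected helper path to its broken argument fragments."""
    report = {}
    for directive in logical_lines(text):
        argv = helper_argv(directive)
        if argv and split_fragments(argv):
            report[argv[0]] = split_fragments(argv)
    return report

if __name__ == "__main__":
    for helper, frags in lint(SAMPLE_CONF).items():
        print(helper, "would receive split argument pieces:", frags)
```

ntlm_auth's --require-membership-of also accepts a group SID, which contains no whitespace to split on.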



