Search squid archive

Need help on group authentication on a multi-domain

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,
I'm runing squid 2.5Stable 9 on a solaris 8 and Samba 3.0.14a, and I'm
running into a multi-domain system, I have a trust from one server to the
3others domain.

And I have some trouble with the group authentication with NTLM, the
authentication is working fine for any user but when I try to use the
external_helper NT_global_group, it only test the first group on the line
not all !!

here is my config:

# Authentication scheme
## basic auth
auth_param basic program /opt/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-ba
sic
auth_param basic children 64
auth_param basic credentialsttl 2 hours
auth_param basic realm CAI Internet access control Gen\350ve
## NTLM auth
auth_param ntlm program /opt/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-ntl
mssp
auth_param ntlm children 64
auth_param ntlm max_challenge_lifetime 30 minutes
auth_param ntlm max_challenge_reuses 0

authenticate_cache_garbage_interval 10 minute
authenticate_ttl 10 minute
external_acl_type NT_global_group %LOGIN /opt/squid/libexec/wbinfo_group.pl

acl techuser external NT_global_group D-CH-BI1\SurfeursWebCAICH-T
acl webuser external NT_global_group D-CH-BI1\SurfeursWebCAICH
D-CH-BI1\SurfeursWebCAICH-T

acl cai-auth proxy_auth REQUIRED

http_access deny ftp !techuser
http_access allow cai-auth webuser
http_access deny all


and here is a debug of the wbinfo_group.pl
2005/06/16 15:54:42| storeLateRelease: released 0 objects
Got d-ch-bi1\\bi9yj D-CH-BI1\\SurfeursWebCAICH D-CH-BI1\\SurfeursWebCAICH-T
from squid
User:  -d-ch-bi1\bi9yj-
Group: -D-CH-BI1\SurfeursWebCAICH-
SID:   -S-1-5-21-907243726-1387878072-1859928627-9560 Domain Group (2)-
GID:   -10013-
Sending ERR to squid

I'm a member of the group SurfeursWebCAICH-T, not from the group
SurfeursWebCAICH, but it won't test it.

Anyonw know how I can make this procedure to work ?

thanks for your help if you can !

regards,
Arno Streuli
Crédit Agricole (Suisse) SA
Chemin de Bérée 46-48, ch-1010 Lausanne 10
Tél. +41 58 321.5215 - Fax +41 58 321.5251
http://www.ca-suisse.com



******************************************************************
DISCLAIMER - E-MAIL
-------------------
The information contained in this E-Mail is intended for the named
recipient(s). It may  contain certain  privileged and confidential
information, or  information  which  is  otherwise  protected from
disclosure. If  you  are  not the intended recipient, you must not
copy,distribute or take any action in reliance on this information
******************************************************************


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux