Hi all, I'm runing squid 2.5Stable 9 on a solaris 8 and Samba 3.0.14a, and I'm running into a multi-domain system, I have a trust from one server to the 3others domain. And I have some trouble with the group authentication with NTLM, the authentication is working fine for any user but when I try to use the external_helper NT_global_group, it only test the first group on the line not all !! here is my config: # Authentication scheme ## basic auth auth_param basic program /opt/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ba sic auth_param basic children 64 auth_param basic credentialsttl 2 hours auth_param basic realm CAI Internet access control Gen\350ve ## NTLM auth auth_param ntlm program /opt/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntl mssp auth_param ntlm children 64 auth_param ntlm max_challenge_lifetime 30 minutes auth_param ntlm max_challenge_reuses 0 authenticate_cache_garbage_interval 10 minute authenticate_ttl 10 minute external_acl_type NT_global_group %LOGIN /opt/squid/libexec/wbinfo_group.pl acl techuser external NT_global_group D-CH-BI1\SurfeursWebCAICH-T acl webuser external NT_global_group D-CH-BI1\SurfeursWebCAICH D-CH-BI1\SurfeursWebCAICH-T acl cai-auth proxy_auth REQUIRED http_access deny ftp !techuser http_access allow cai-auth webuser http_access deny all and here is a debug of the wbinfo_group.pl 2005/06/16 15:54:42| storeLateRelease: released 0 objects Got d-ch-bi1\\bi9yj D-CH-BI1\\SurfeursWebCAICH D-CH-BI1\\SurfeursWebCAICH-T from squid User: -d-ch-bi1\bi9yj- Group: -D-CH-BI1\SurfeursWebCAICH- SID: -S-1-5-21-907243726-1387878072-1859928627-9560 Domain Group (2)- GID: -10013- Sending ERR to squid I'm a member of the group SurfeursWebCAICH-T, not from the group SurfeursWebCAICH, but it won't test it. Anyonw know how I can make this procedure to work ? thanks for your help if you can ! regards, Arno Streuli Crédit Agricole (Suisse) SA Chemin de Bérée 46-48, ch-1010 Lausanne 10 Tél. +41 58 321.5215 - Fax +41 58 321.5251 http://www.ca-suisse.com ****************************************************************** DISCLAIMER - E-MAIL ------------------- The information contained in this E-Mail is intended for the named recipient(s). It may contain certain privileged and confidential information, or information which is otherwise protected from disclosure. If you are not the intended recipient, you must not copy,distribute or take any action in reliance on this information ******************************************************************
