Search squid archive

Re: Winbind group membership authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Neil Gaskell wrote:

Hi,

I'm new to the list so I hope I'm not asking one of those questions that gets asked ten times a week :)

I'm running Squid 2.5 Stable with Samba 3.03 on Fedora core 2.

I set it up by reading the NTLM/winbind sections in the FAQ, which also roughly corresponds with some other people's squid.conf's I googled.

Winbind is working, ntlm_auth tests OK and NTLM authentication via IE works fine for domain users (2K AD). But of course, I want to authenticate based on group membership not just plain domain membership. wbinfo_group.pl seems to be working - I can manually feed it usernames or 'domain+username' and groupnames and get the correct responses.

Fine so far.... but when squid speaks to wbinfo_group.pl the script only sees the domain name and the group to be queried, not the username (according to its debug output). Hence it allways returns ERR.

I've tried setting the winbind separator to '+' but this doesnt seem to have made a difference. To be honest I've only been using linux for a few months so this has all taken me quite a while and I'm running out of time I can spend on this - I'm hoping someone out there can suggest something.


Cracked it now I think. I was using the wrong ntlm_auth module, now I'm using the one in /usr/bin (that came with samba?) and its passing the right info to wbinfo_group.pl.


Neil

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux