Neil Gaskell wrote:
Hi,
I'm new to the list so I hope I'm not asking one of those questions
that gets asked ten times a week :)
I'm running Squid 2.5 Stable with Samba 3.03 on Fedora core 2.
I set it up by reading the NTLM/winbind sections in the FAQ, which
also roughly corresponds with some other people's squid.conf's I googled.
Winbind is working, ntlm_auth tests OK and NTLM authentication via IE
works fine for domain users (2K AD). But of course, I want to
authenticate based on group membership not just plain domain
membership. wbinfo_group.pl seems to be working - I can manually feed
it usernames or 'domain+username' and groupnames and get the correct
responses.
Fine so far.... but when squid speaks to wbinfo_group.pl the script
only sees the domain name and the group to be queried, not the
username (according to its debug output). Hence it allways returns ERR.
I've tried setting the winbind separator to '+' but this doesnt seem
to have made a difference. To be honest I've only been using linux for
a few months so this has all taken me quite a while and I'm running
out of time I can spend on this - I'm hoping someone out there can
suggest something.
Cracked it now I think. I was using the wrong ntlm_auth module, now I'm
using the one in /usr/bin (that came with samba?) and its passing the
right info to wbinfo_group.pl.
Neil
