On Tue, 2004-09-07 at 23:08, Matt Doran wrote: > Hi there, > > I'm trying to configure Squid to use a windows domain for > authentication, and all goes well until I add the > "--require-membership-of" option on ntlm_auth. I need to restrict > access based on group membership, however ntlm_auth does not seem to be > behaving correctly. I'm using Samba 3.0.6 on Debian and I'm using a > Windows 2000 (SP4) Domain Controller. I configured winbind as discussed > here: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 > > ntlm_auth seems to report the membership of some groups correctly, but > incorrectly for others.
You are actually lucky it didn't segfault. There are a number of logic bugs, the fixes for which I think didn't make 3.0.6. Try current SVN, but I suspect we might need some extra code to correctly pick up the universal groups. (We know how to do it, so it's a simple matter of programming - bug #1562.) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba