On Tue, 2004-09-07 at 23:08, Matt Doran wrote:
> Hi there,
> 
> I'm trying to configure Squid to use a windows domain for 
> authentication, and all goes well until I add the 
> "--require-membership-of" option on ntlm_auth.   I need to restrict 
> access based on group membership, however ntlm_auth does not seem to be 
> behaving correctly.  I'm using Samba 3.0.6 on Debian and I'm using a 
> Windows 2000 (SP4) Domain Controller.  I configured winbind as discussed 
> here: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5
> 
> ntlm_auth seems to report the membership of some groups correctly, but 
> incorrectly for others.

You are actually lucky it didn't segfault.  There are a number of logic
bugs, the fixes for which I think didn't make 3.0.6.  Try current SVN,
but I suspect we might need some extra code to correctly pick up the
universal groups.  (We know how to do it, so it's a simple matter of
programming - bug #1562.)

Andrew Bartlett

-- 
Andrew Bartlett                                 [EMAIL PROTECTED]
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   [EMAIL PROTECTED]

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Reply via email to