Andrew,
I didn't have the time to compile and test the pre-3.0.7 releases, but just did some testing on the 3.0.7 release.... and it looks good.
The ntlm_auth "--require-membership-of" option appears to work as expected. This will make it really easy to use squid in fairly sophisticated access policy.
Thanks for your help,
-- Matt Doran PaperCut Software Pty. Ltd. Web: http://www.papercut.biz Blog: http://blogs.papercutsoftware.com/matt.doran/
Andrew Bartlett - [EMAIL PROTECTED] wrote:
On Tue, 2004-09-07 at 23:08, Matt Doran wrote:
Hi there,
I'm trying to configure Squid to use a windows domain for authentication, and all goes well until I add the "--require-membership-of" option on ntlm_auth. I need to restrict access based on group membership, however ntlm_auth does not seem to be behaving correctly. I'm using Samba 3.0.6 on Debian and I'm using a Windows 2000 (SP4) Domain Controller. I configured winbind as discussed here: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5
ntlm_auth seems to report the membership of some groups correctly, but incorrectly for others.
You are actually lucky it didn't segfault. There are a number of logic bugs, the fixes for which I think didn't make 3.0.6. Try current SVN, but I suspect we might need some extra code to correctly pick up the universal groups. (We know how to do it, so it's a simple matter of programming - bug #1562.)
Andrew Bartlett
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
