Xavier Callejas wrote:
Hi.

I need to use the ntlm_auth module to authenticate users with squid, so that one group can use the Internet and the others cannot. The users that belong to the "Internet" group may use the Internet.

I've been looking for info about this, but there is not much info on Google.

So far this is the only info that I have found:

for squid.conf:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="dominio+Internet"


About the "dominio+internet": I also tried "dominio\internet" and "dominio\\internet", and there is always an error like this:

[2005/01/18 11:58:23, 0] utils/ntlm_auth.c:get_require_membership_sid(237)
  Winbindd lookupname failed to resolve dominio+Internet into a SID!

so I tried the SID:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=S-1-5-21-2357639956-1676252757-504000632-2005

and:

[2005/01/18 11:59:20, 10] utils/ntlm_auth.c:manage_squid_request(1610)
  Got 'ibcinc+xavier acacadac' from squid (length: 22).
[2005/01/18 11:59:21, 3] utils/ntlm_auth.c:check_plaintext_auth(292)
  NT_STATUS_OK: Success (0x0)
OK

But even doing this (putting in the SID), the users can't be authenticated by the server. Squid and the smb PDC are the same box; is this possible?

This is the error from the log when a user runs their web browser and it asks for a user/password:

Is your "winbind separator = +" in the smb.conf file? By the first example you gave, I believe it should be.

On my box to get the "--require-membership-of=domain.group" to work, I had to tack on "--username=%LOGIN" as well. After that, it works like a champ.
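
The separator question raised in the reply can be checked offline. The sketch below is an added example, not part of the original messages and not Samba or Squid code: it reads the "winbind separator" from smb.conf text (Samba's default is a backslash) and flags any --require-membership-of name in squid.conf that does not use it. The function names and the sample config strings are constructed for illustration.

```python
import re

SID_RE = re.compile(r"^S-1-\d+(-\d+)+$")

def winbind_separator(smb_conf: str) -> str:
    """Return 'winbind separator' from [global]; Samba's default is a backslash."""
    section, sep = None, "\\"
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            if " ".join(key.lower().split()) == "winbind separator":
                sep = value.strip()
    return sep

def membership_args(squid_conf: str):
    """Yield each --require-membership-of value on ntlm_auth auth_param lines."""
    pattern = r'--require-membership-of=("[^"]*"|\S+)'
    for line in squid_conf.splitlines():
        if line.lstrip().startswith("auth_param") and "ntlm_auth" in line:
            for m in re.finditer(pattern, line):
                yield m.group(1).strip('"')

def check(smb_conf: str, squid_conf: str):
    """Return a (value, verdict) pair for each membership argument."""
    sep = winbind_separator(smb_conf)
    results = []
    for value in membership_args(squid_conf):
        if SID_RE.match(value):
            verdict = "sid"  # a SID needs no name-to-SID lookup
        elif sep in value:
            verdict = "ok"  # well-formed only; the group must still exist
        else:
            verdict = "separator-mismatch"
        results.append((value, verdict))
    return results

# Constructed sample inputs (not taken from the poster's machine).
SMB_PLUS = "[global]\n   workgroup = DOMINIO\n   winbind separator = +\n"
SMB_DEFAULT = "[global]\n   workgroup = DOMINIO\n"
SQUID = ('auth_param ntlm program /usr/bin/ntlm_auth '
         '--helper-protocol=squid-2.5-ntlmssp '
         '--require-membership-of="dominio+Internet"\n')

if __name__ == "__main__":
    print(check(SMB_PLUS, SQUID), check(SMB_DEFAULT, SQUID))
```

An "ok" verdict only means the name is written with the configured separator; whether winbindd can resolve it is what `wbinfo -n` checks on the live system.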

