Re: [Samba] NTLM_AUTH require-membership-of local groups?

[Andrew Bartlett]

On Wed, 2004-12-15 at 10:52 -0500, Sorisio, Chris wrote:
 I'm running Samba 3.0.9 on Fedora Core.
 
 I can authenticate against global groups via ntlm_auth, but authentication
 against local groups fails.
 
 Our network consists of multiple NT 4.0 domains.
 
 1.  Can ntlm_auth authenticate against local groups, or is it limited to
 global groups?

Currently global groups.  I never got my head around the implementation
of local groups in winbindd to hook them in properly.  It should not be
hard, but it just needs to be done.  (We just need to expand the group
list before we start the required-membership check).

 2.  Can multiple global groups be designated as arguments to
 'require-membership-of' in an 'OR' fashion?  (If the user is a member of any
 of the listed groups, the check succeeds.

No, it's a one-group wonder.  Perhaps you really want a squid ACL?  (I
presume this is for squid).

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] NTLM_AUTH require-membership-of local groups?

[Sorisio, Chris]

I'm running Samba 3.0.9 on Fedora Core.

I can authenticate against global groups via ntlm_auth, but authentication
against local groups fails.

Our network consists of multiple NT 4.0 domains.

1.  Can ntlm_auth authenticate against local groups, or is it limited to
global groups?

2.  Can multiple global groups be designated as arguments to
'require-membership-of' in an 'OR' fashion?  (If the user is a member of any
of the listed groups, the check succeeds.

We're going to consolidate our domains someday, but for now I'm stuck with
about six.

Thanks,

Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba