[squid-users] wb_group and samba 3
I need wb_group to work under samba 3. Compiling it with the samba 3 libraries give this error_ [EMAIL PROTECTED] winbind_group]# make source='wb_common.c' object='wb_common.o' libtool=no \ depfile='.deps/wb_common.Po' tmpdepfile='.deps/wb_common.TPo' \ depmode=gcc3 /bin/sh ../../../cfgaux/depcomp \ gcc -DHAVE_CONFIG_H -I. -I. -I../../../include -I. -I../../../include -I../. ./../include -I../../../src -I../../../include/samba-g -O2 -Wall -c `test -f wb_common.c || echo './'`wb_common.c wb_common.c: In function `init_request': wb_common.c:68: structure has no member named `domain' wb_common.c:77: structure has no member named `domain' wb_common.c:77: structure has no member named `domain' wb_common.c:77: structure has no member named `domain' wb_common.c:77: structure has no member named `domain' wb_common.c:77: structure has no member named `domain' wb_common.c:77: structure has no member named `domain' wb_common.c:77: structure has no member named `domain' wb_common.c:77: structure has no member named `domain' wb_common.c:78: structure has no member named `domain' wb_common.c:78: structure has no member named `domain' wb_common.c: In function `winbindd_send_request': wb_common.c:334: structure has no member named `domain' make: *** [wb_common.o] Error 1 And compiling without samba 3 librarier make wb_group to not find winbind even if it is already started and working. How to solve this problem ? I need to authenticate groups of users and I don't want to use wbinfo_group.pl Thanks in Advance BEst Regards. Federico
Re: [squid-users] wb_group and samba 3
On Fri, 31 Oct 2003, Lombardo Federico wrote: > I need wb_group to work under samba 3. Won't work. wb_group is a Samba-2.X helper. For Samba-3 you can use the wbinfo_group helper which is Samba version neutral. Regards Henrik
Re: [squid-users] wb_group and samba 3
Henrik I'm sorry to be pedant, but wbinfo_group is a perl script, I've a lot of users... I'm afraid that will slow down authentication process, isn't it ? wb_group is as far tested to be rock stable and fast, is possible to re-implement it to work on samba 3 ? Is in roadmap a ntlm_auth for ADS groups that implement fully NTLMv2 authentication with group support ? I think that ntlm_auth that comes with samba 3 is fast and useful, But I must track 1000 users in a ACL regex... this is not a good thing... Also because I need to create policies for groups of users. What do you think if I integrate winbind with ADS win2k with PAM, and use squid pam authentication for groups ? is possible ? BEst Regards, Federico - Original Message - From: "Henrik Nordstrom" <[EMAIL PROTECTED]> To: "Lombardo Federico" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, October 31, 2003 12:48 PM Subject: Re: [squid-users] wb_group and samba 3 > On Fri, 31 Oct 2003, Lombardo Federico wrote: > > > I need wb_group to work under samba 3. > > Won't work. wb_group is a Samba-2.X helper. > > For Samba-3 you can use the wbinfo_group helper which is Samba version > neutral. > > Regards > Henrik > >
Re: [squid-users] wb_group and samba 3
On Fri, 31 Oct 2003, Lombardo Federico wrote: > but wbinfo_group is a perl script, I've a lot of users... I'm afraid that > will slow down authentication process, isn't it ? Not really. The speed difference is marginal, and in both cases the results are aggressively cached by Squid. > wb_group is as far tested to be rock stable and fast, is possible to > re-implement it to work on samba 3 ? Not unless the Samba team provides such helper. > Is in roadmap a ntlm_auth for ADS groups that implement fully NTLMv2 > authentication with group support ? yes. In fact the Samba-3 helper does so already but there is issues in Squid preventing it from happening. group support is independent of NTLMv2. > I think that ntlm_auth that comes with samba 3 is fast and useful, But I > must track 1000 users in a ACL regex... this is not a good thing... Also > because I need to create policies for groups of users. Use wbinfo_group helper. > What do you think if I integrate winbind with ADS win2k with PAM, and use > squid pam authentication for groups ? is possible ? For ADS you should be using the LDAP helpers for group membership lookups and basic authentication. PAM is also possible (for Basic authentication only), but generally only makes the setup several orders of magnitude more complex, and is only interesting if you really want the OS to know about all the users. Regards Henrik
