Try adding # Misc winbind enum users = yes winbind enum groups = yes
To smb.conf Regards Jay -----Original Message----- From: Tony Melia (DMS) [mailto:[EMAIL PROTECTED] Sent: Tuesday, 22 July 2003 5:11 AM To: '[EMAIL PROTECTED]' Subject: [squid-users] Winbind problem Hi, I know in advance that this question is more of a samba related one than squid, but there are a lot of winbind users here, so I will throw it at you anyway. I am still trying to get squid and winbind talking so I can control access via groups. I found that I get a 'cannot enum groups' error if I include the domain name. for example, here is 2 attempts using the wb_group on command line; I give 'mydomain\\administrator ProxyUsers' and get..... /wb_group[2860](wb_check_group.c:343): Got 'mydomain\\administrator ProxyUsers' from Squid (length: 34). /wb_group[2860](wb_check_group.c:231): Warning: Can't enum user groups. I give administrator ProxyUsers and get..... /wb_group[2860](wb_check_group.c:343): Got 'administrator ProxyUsers' from Squid (length: 24). /wb_group[2860](wb_check_group.c:237): SID: S-1-5-21-1232230414-721959228-1536833037-513 /wb_group[2860](wb_check_group.c:196): Stripping domain from group name MYDOMAIN\Domain Users /wb_group[2860](wb_check_group.c:201): Windows group: Domain Users, Squid group: ProxyUsers /wb_group[2860](wb_check_group.c:237): SID: S-1-5-21-1232230414-721959228-1536833037-512 /wb_group[2860](wb_check_group.c:196): Stripping domain from group name MYDOMAIN\Domain Admins /wb_group[2860](wb_check_group.c:201): Windows group: Domain Admins, Squid group: ProxyUsers as you can see, leaving out the domain works, but I do need multi domains working. I have this problem on 2 different boxs. squid was built with.... ./configure --prefix=/usr --enable-delay-pool --enable-snmp --enable-auth=ntlm,basic --enable-basic-auth-helpers=winbind --enable-ntlm-auth-helpers="winbind,fakeauth" --enable-external-acl-helpers=winbind_group samba built with... ./configure --prefix=/usr --with-winbind --with-winbind-auth-challenge --with-smbmount --with-pam --with-acl-support relevant snippit of smb.conf is; [global] workgroup = mydomain server string = Samba Server log file = /var/log/samba/log.%m log level = 4 max log size = 50 security = domain password server = testserver encrypt passwords = yes winbind uid = 10000-65000 winbind gid = 10000-65000 winbind separator = + relevant squid.conf bits are; auth_param ntlm program /usr/libexec/wb_ntlmauth auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes acl all src 10.0.0.0/255.255.255.0 #http_access allow all external_acl_type winbind-group %LOGIN /usr/libexec/wb_group -d acl myProxyUsers external winbind-group ProxyUsers acl password proxy_auth REQUIRED http_access allow myProxyUsers http_access deny all _______________________________________ This is authenticating against NT4 at the moment, also have same issue against win2k - the group I am using for testing is ProxyUsers. Thanks in advance. Downs MicroSystems Pty Ltd 145 Margaret Street Toowoomba Qld 4350 Ph. (07) 4639 3344 Fax (07) 4639 3820 Important Disclaimer and Warning Downs MicroSystems does not represent or warrant that any attached files are free from computer viruses or other defects. The attached files are provided, and may only be used, on the basis that the user assumes all responsibility for any loss, damage or consequences resulting directly or indirectly from use of the attached files. The liability of Downs MicroSystems in any event is limited to either the resupply of the attached files or the cost of having the attached files resupplied. NOTE: The views expressed by the individual in this message do not necessarily reflect those of the organisation. Downs MicroSystems is committed to protecting the privacy of individuals, and is bound by the principles of the Commonwealth Privacy Act (1988). Should you wish to view our Privacy Policy, please visit www.downsmicro.com.au. The information contained in this message is confidential and may be legally privileged. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, dissemination, or reproduction is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.