So It means that every group lookups need an helper that gives him credential ?
I've posted that mail not the differences between authorization or authentication. I was wondering if groups helpers need someone gives them credential! As wrote in previus mail, without any other auth helper, wbinfo_group cannot realize who's asking service! Is true what I'm saying, or wbinfo_group is able to realize credential without any other helper and, so I've a wrong configuration ? ----- Original Message ----- From: "Henrik Nordstrom" <[EMAIL PROTECTED]> To: "Lombardo Federico" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, November 04, 2003 4:56 PM Subject: Re: [squid-users] wbinfo_group.pl, multiple questions > On Tue, 4 Nov 2003, Lombardo Federico wrote: > > > I've three questions: > > > > 1) to have a wbinfo_group.pl working I must use the script posted here: > > http://itmanagers.net/postt10.html and not the squid bringed one. > > For wbinfo_group.pl to work you need to use Squid-2.5, not Squid-2.4. But > from the rest of your discussion it seems you are using Squid-2.5.. > > The wbinfo_group.pl script works fine assuming your Perl installation is > reasonably up to date and includes the shellwords.pl library module > required by the helper. If your Perl installation does not include > shellwords.pl then grab this file from a reasonably up to date Perl > distribution and add it to your perl installation, or upgrade your Perl. > > > 2) I've noticed that I must use ntlm_auth helper to make possible > > wbinfo_group to authenticate. It's strange... wbinfo_group is a basic auth, > > ntlm_auth is NTLM one. > > wbinfo_group is GROUP membership lookups for authorization, not > authentication. The two functions are separate from each other as they > stand for different concepts. > > authorization is about who is allowed to do what. > > authentication is about who is who. > > ntlm_auth in Samba-3 is a generic authentication helper for winbind and > supports both basic and NTLM authentication schemes. The fact that it is > named ntlm_auth is mostly historical and does not accurately reflect it's > function. > > Regards > Henrik > > >