Hi,
My name is Brian O'Neill and I'm from Minneapolis, MN and I work for a
large financial firm. My background is across the board with unix, nt,
and networking. My programming background (atleast the usable portion of
it) is C/C++, perl, Bource/Korn shell scripting, SQL, and a splattering
of Objective C. I've been using squid off and on for several years in
very elementary ways, but now in the process of setting up a pretty
advanced setup for authentication and access control. I am most
interested in dealing with external authentication/ACL apps especiall
NTLM based stuff, and very fast ways to parse ACL's of 200k+ domains.
Also, I'm including a patch for squid-2.5.STABLE1-20021105
helpers/external_acl/winbind_group/winbind_check_group.c. This patch
first fixes an issue with not checking membership in the last group in
which an NT user is a member of (and if they are a member of only one
group, it doesn't check it at all). Also, is a syntax change for using
wb_group. Current documentation states that for accessing NT groups with
spaces in the names, they need to be quoted. Quoting a group such as
"Foo Bar" gives an error on squid start up. This patch allows the use of
`Foo Bar` to properly be sent to wb_group, and the ACL check to
successfully match the user to group.
-------------------- patch -------------------------------
$ diff wb_check_group.c wb_check_group.c.orig
82,85d81
< case '`':
< quoted = !quoted;
< p++;
< break;
190c186
< for (i = 1; i <= response.data.num_entries; i++) {
--- > for (i = 0; i < response.data.num_entries; i++) { ----------------------------------------------------------- In addition, I found that ntlm auth with winbind does not work if squid is compiled with Sun's Workshop 5.0 (on Solaris 8 running in 64bit, but not compiled 64bit). Everything compiles fine, but wb_ntlmauth fails to successuflly authentication anyone. Also, debugging fails to work in wb_ntlmauth if compiled in Sun's cc. I noticed this when trying to get debugging to work, to find out why it wasn't working, and found the gcc specifics in the debugging code. So, on a whim compiled with gcc 2.95.3, and bingo, everything in ntlm authentication suddenly started working. Also of note, samba was compiled with WS 5.0's cc. Thanks, Brian -- btoneill@misplaced.net **************************************************************************** UNIX is simple and coherent, but it takes a genius (or at any rate a programmer) to understand and appreciate the simplicity." - Dennis Ritchie ****************************************************************************Received on Tue Nov 12 2002 - 10:55:50 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:18:42 MST