Hi,
I'm using Squid (Fedora core2 rpm squid-2.5.STABLE5-4.fc2), with Samba (rpm
samba-3.0.6-2.fc2) for NTML authentication against an Windows NT4 domain
controller
This works fine... However, we want to authenticate against an Domain
NT-Group, and that's where I'm getting stuck..
I've tried various exampels I've found using wbinfo_group.pl, but it just
doesn't seem to work... Has anybody succeeded with this combination?
When I run wbinfo_group manually, with debug turned on, I get the following
results:
# ./wbinfo_group.pl
RZH_NT+RBasti Internet
Got RZH_NT+RBasti Internet from squid
User: -RZH_NT+RBasti-
Group: -Internet-
SID: -S-1-5-21-637226847-105070846-619646970-7160 Domain Group (2)-
GID: -Could not convert sid S-1-5-21-637226847-105070846-619646970-7160
Domain Group (2) to gid-
Sending ERR to squid
ERR
where RZH_NT is our NT domain, RBasti is the username, and Internet is a
domain group... (and yes, RBasti is a member of the group Internet)...
Looks like something is going wrong converting the sid to the gid, but this
is a black-hole for me... Why is it trying to do this, and why is it not
succeeding?
Winbind seems to work fine:
# wbinfo -t
checking the trust secret via RPC calls succeeded
# wbinfo -g |grep Internet
Internet
# wbinfo -u |grep RBasti
RBasti
# wbinfo -a RBasti%******** (passwd blanked)
plaintext password authentication succeeded
challenge/response password authentication succeeded
Oh, and I already gave squid read-accecss to
/var/cache/samba/winbindd_privileged by doing a chgrp squid...
Thanks.
Remco
Received on Mon Sep 13 2004 - 09:55:20 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT