Hello all,
I'm facing a weird problem using wbinfo_group.pl to validate windows
groups. I'm used to install and configure this often, so I don't think
I'm doing anything wrong, but here goes:
SISOP = FreeBSD 6.2-STABLE
Samba = 3.0.25a
Squid = 2.6.STABLE13
##################
Squid settings:
Debug:
debug_options ALL,1 82,9
External ACL:
external_acl_type NT_global_group concurrency=5 %
LOGIN /usr/local/libexec/squid/wbinfo_group.pl
ACL's:
acl autentica_user-proxyauth proxy_auth REQUIRED
acl autentica_grupo-external external NT_global_group INTERNET
Rule:
http_access allow autentica_user-proxyauth autentica_grupo-external
####################
Cache.log output
2007/06/15 12:31:01| aclMatchExternal: acl="NT_global_group"
2007/06/15 12:31:01| aclMatchExternal: NT_global_group("isnard-jaquet
INTERNET") = lookup needed
2007/06/15 12:31:01| externalAclLookup: lookup in 'NT_global_group' for
'isnard-jaquet INTERNET'
Could not convert sid S-1-5-21-896827187-199566214-697575874-2146 to gid
Could not get groups for user 0
2007/06/15 12:31:01| helperHandleRead: unexpected reply on channel -1
from NT_global_group #1 'OK'
######################
If I do it on a command line here is the output:
# /usr/bin/perl -w /usr/local/libexec/squid/wbinfo_group.pl -d
isnard-jaquet INTERNET
Got isnard-jaquet INTERNET from squid
User: -isnard-jaquet-
Group: -INTERNET-
SID: -S-1-5-21-896827187-199566214-697575874-2147-
GID: -10000-
Sending OK to squid
OK
########################
If you watch it closely, you will see that the SID returned by the
command line is the one expected, but the output on cache.log is the
wrong one.
Command line:
SID - S-1-5-21-896827187-199566214-697575874-2147
Cache.log:
SID - S-1-5-21-896827187-199566214-697575874-2146
In other words, I'm pretty confused now.
Am I doing something wrong? Have anyone ever ran into that problem? Any
help will be greatly appreciated.
Isnard
Received on Fri Jun 15 2007 - 09:53:25 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT