On Thu, 2006-01-19 at 12:42 -0600, Rex Dieter wrote: > Andrew Bartlett wrote: > > On Wed, 2006-01-18 at 10:21 -0600, Rex Dieter wrote: > > > >>Rex Dieter wrote: > >> > >>>Rex Dieter wrote: > > >>>>I'm having trouble getting ntml_auth to recognize ActiveDirectory > >>>>groups that aren't in AD\Users. In particular, we've a few groups in > >>>>our department OU that I'd like to be able to use. If I specify any > >>>>of our OU-specific groups, using something like: > >>>># ntlm_auth --username=foo --require-membership-of="AD\OUGroup1" > >>>>password: > >>>>I get: > >>>>Winbindd lookupname failed to resolve AD\OUGroup1 into a SID! > > >>>Turns out using > >>>wbinfo --name-to-sid=OUGroup1 > > >>So my question is: why can wbinfo resolve the name to a SID, but > >>ntlm_auth can't? > > > Sometimes this is a problem of timing, as ntlm_auth does this when squid > > is starting. > > I'm skeptical. I repeated this on several occasions on several > different boxes. ntlm-auth *always* failed the same way when trying to > resolve Groups not in the top-level AD\Users OU.
Interesting. It should be asking the same question as wbinfo -n.... Can you chase this down a bit more, with the current code, and file a bug? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
