Hey guys, I have found that using a + as the seperator opposed to the slash in the group name works.
IE: Sending "company+user pass" to ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="company\internet" returns Could not parse company/internet into seperate domain/name parts! but sending it to ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="company+internet" returns OK I found this after looking through ntlm_auth.c and finding that it relies on winbindd to provide the serperator. This maybe platform dependant, I have not dug deeper. The Man page is what thru me here as it states to use a backslash as the seperator in the example. Cheers, Simon Woodward. Andrew Bartlett wrote: > > On Thu, 2006-01-19 at 12:42 -0600, Rex Dieter wrote: >> Andrew Bartlett wrote: >> > On Wed, 2006-01-18 at 10:21 -0600, Rex Dieter wrote: >> > >> >>Rex Dieter wrote: >> >> >> >>>Rex Dieter wrote: >> >> >>>>I'm having trouble getting ntml_auth to recognize ActiveDirectory >> >>>>groups that aren't in AD\Users. In particular, we've a few groups in >> >>>>our department OU that I'd like to be able to use. If I specify any >> >>>>of our OU-specific groups, using something like: >> >>>># ntlm_auth --username=foo --require-membership-of="AD\OUGroup1" >> >>>>password: >> >>>>I get: >> >>>>Winbindd lookupname failed to resolve AD\OUGroup1 into a SID! >> >> >>>Turns out using >> >>>wbinfo --name-to-sid=OUGroup1 >> >> >>So my question is: why can wbinfo resolve the name to a SID, but >> >>ntlm_auth can't? >> >> > Sometimes this is a problem of timing, as ntlm_auth does this when >> squid >> > is starting. >> >> I'm skeptical. I repeated this on several occasions on several >> different boxes. ntlm-auth *always* failed the same way when trying to >> resolve Groups not in the top-level AD\Users OU. > > Interesting. It should be asking the same question as wbinfo -n.... > > Can you chase this down a bit more, with the current code, and file a > bug? > > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Student Network Administrator, Hawker College http://hawkerc.net > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- View this message in context: http://www.nabble.com/ntml_auth---require-membership-of-t945220.html#a3193055 Sent from the Samba - General forum at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
