As a general rule, it is worth including smb.conf portions as well as squid.conf portions to the list when troubleshooting winbind ACL's.
I had a number of problems with wb_group that went away when I left out the winbind separator option in smb.conf. Also, use the group name, not the SID in the ACL. Also, try enabling greater debug info in the cache.log which might give more info on what's going wrong - unless you are certain the problem is the wb_group file giving the ERR, in which case squid is not the problem. Have a look in the wb_group.c source to see (it can be surprisingly readable, even for a non-programmer) what conditions cause this status to be generated. Regards, Tony -----Original Message----- From: Simon Bryan [mailto:[EMAIL PROTECTED] Sent: Monday, 4 August 2003 11:13 To: [EMAIL PROTECTED] Subject: [squid-users] wb_group Hi all, I am working my way through why the delay_pools do not work for me, I suspected winbind and have been rebuilding everything. I have an issue with wb_group that I can't resolve. If I use wb_group -d and enter a valid username I get a list of groups as below: student /wb_group[22779](wb_check_group.c:343): Got 'student' from Squid (length: 7). /wb_group[22779](wb_check_group.c:237): SID:S-1-5-21-8915387-1576539265-1404200075-513 /wb_group[22779](wb_check_group.c:237): SID:S-1-5-21-8915387-1576539265-1404200075-3041 /wb_group[22779](wb_check_group.c:237): SID:S-1-5-21-8915387-1576539265-1404200075-3530 ERR However it always terminates with an ERR which seems to me what it must be sending to Squid so the users never fall into a group. I am using the Squid snapshot from 3rd August and Samba 2.2.8a, I have copied over the winbindd_nss.h file over the top of the Squid. Squid -v gives: Squid Cache: Version 2.5.STABLE3-20030803 configure options: --enable-delay-pools --enable-auth=ntlm,basic --enable-basic-auth-helpers=winbind --enable-ntlm-helpers=winbind wb_info gives all the right answers. Any clues appreciated. As a second question, when using wb_group in an acl do you use the NT group name eg 'teachers' or the SID number as given by wb_group on the command line? Cheers, ____________________ Simon Bryan IT Manager OLMC Parramatta Downs MicroSystems Pty Ltd 145 Margaret Street Toowoomba Qld 4350 Ph. (07) 4639 3344 Fax (07) 4639 3820 Important Disclaimer and Warning Downs MicroSystems does not represent or warrant that any attached files are free from computer viruses or other defects. The attached files are provided, and may only be used, on the basis that the user assumes all responsibility for any loss, damage or consequences resulting directly or indirectly from use of the attached files. The liability of Downs MicroSystems in any event is limited to either the resupply of the attached files or the cost of having the attached files resupplied. NOTE: The views expressed by the individual in this message do not necessarily reflect those of the organisation. Downs MicroSystems is committed to protecting the privacy of individuals, and is bound by the principles of the Commonwealth Privacy Act (1988). Should you wish to view our Privacy Policy, please visit www.downsmicro.com.au. The information contained in this message is confidential and may be legally privileged. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, dissemination, or reproduction is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.