Hi, I'm using Squid (Fedora core2 rpm squid-2.5.STABLE5-4.fc2), with Samba (rpm samba-3.0.6-2.fc2) for NTML authentication against an Windows NT4 domain controller
This works fine... However, we want to authenticate against an Domain NT-Group, and that's where I'm getting stuck.. I've tried various exampels I've found using wbinfo_group.pl, but it just doesn't seem to work... Has anybody succeeded with this combination? When I run wbinfo_group manually, with debug turned on, I get the following results: # ./wbinfo_group.pl RZH_NT+RBasti Internet Got RZH_NT+RBasti Internet from squid User: -RZH_NT+RBasti- Group: -Internet- SID: -S-1-5-21-637226847-105070846-619646970-7160 Domain Group (2)- GID: -Could not convert sid S-1-5-21-637226847-105070846-619646970-7160 Domain Group (2) to gid- Sending ERR to squid ERR where RZH_NT is our NT domain, RBasti is the username, and Internet is a domain group... (and yes, RBasti is a member of the group Internet)... Looks like something is going wrong converting the sid to the gid, but this is a black-hole for me... Why is it trying to do this, and why is it not succeeding? Winbind seems to work fine: # wbinfo -t checking the trust secret via RPC calls succeeded # wbinfo -g |grep Internet Internet # wbinfo -u |grep RBasti RBasti # wbinfo -a RBasti%******** (passwd blanked) plaintext password authentication succeeded challenge/response password authentication succeeded Oh, and I already gave squid read-accecss to /var/cache/samba/winbindd_privileged by doing a chgrp squid... Thanks. Remco
