Begin forwarded Message from Roman Rathler,
Thu, 29 Apr 2004 11:06:01 +0200 (METDST):
Hi,
in the meanwhile i got it running using the wbinfo_group.pl helper.
There is a bug in the perl script that comes with the fedora package
squid-2.5.STABLE3-1.fc1 when it tries converting groupSID to groupGID...
the result of $groupSID (wbinfo -n groupname) is:
S-1-5-21-515967xxx-1078145xxx-1708537xxx-1236 Domain Group (2)
the perl script expects it just to be the SID -> here is my workaround
for the perl script (i do not program perl normally so this code could
for shure look nicer):
sub check {
local($user, $group) = @_;
$groupSID = `wbinfo -n "$group"`;
chop $groupSID;
>> @hugo = split(/ /, $groupSID);
>> $groupGID = `wbinfo -Y $hugo[0]`;
chop $groupGID;
&debug( "User: -$user-\nGroup: -$group-\nSID: -$groupSID-\nGID:
-$groupGID-");
return 'OK' if(`wbinfo -r \Q$user\E` =~ /^$groupGID$/m);
return 'ERR';
}
don't know wheter this was already fixed in the squid distribution...
best regards,
roman
Henrik Nordstrom <hno@squid-cache.org> writes on
Wed, 28 Apr 2004 17:39:11 +0200 (METDST):
> On Wed, 28 Apr 2004, Roman Rathler wrote:
>
>
> > I have a squid up and running with samba-3 using the fedora
packages
> > (squid-2.5.STABLE3-1.fc1). authentication against the ads works
fine
> > from squid for basic and ntlm authentication. now i want to build
some
> > acls using groups from the active directory.
> >
> > I tried unsing wb_group helper with syntax like this:
>
> wb_group is only valid for use with Samba-2.2.X. For Samba-3 you need
> to
> use the wbinfo_group helper.
>
> Regards
> Henrik
>
___________________________________________________
Stay Tuned For PocketBeats
http://pocketbeats.net/
Received on Thu Apr 29 2004 - 03:08:59 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:03 MDT