Hi,
I try to find someone who know how to configure the wbinfo_group.pl as a
external helper.
I have squid 2.5 STABLE9 runing on solaris 8 and the authentication is
working with a NT domain (the user auth is working fine)
here is my config:
## basic auth
auth_param basic program /opt/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-ba
sic
auth_param basic children 64
auth_param basic credentialsttl 2 hours
auth_param basic realm CAI Internet access control Gen\350ve
## NTLM auth
auth_param ntlm program /opt/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-ntl
mssp
auth_param ntlm children 64
auth_param ntlm max_challenge_lifetime 30 minutes
auth_param ntlm max_challenge_reuses 0
authenticate_cache_garbage_interval 10 minute
authenticate_ttl 10 minute
external_acl_type NT_global_group %LOGIN /opt/squid/libexec/wbinfo_group.pl
acl techuser external NT_global_group D-CH-BI1\SurfeursWebCAICH-T
acl webuser external NT_global_group D-CH-BI1\SurfeursWebCAICH
D-CH-BI1\SurfeursWebCAICH-T
http_access deny ftp !techuser
http_access allow cai-auth webuser
http_access deny all
but that dosen't wokr the wbinfo_group.pl is only testing the first group,
not the second or the third, here is the output of a test user: (he is
member of SurfeursWebCAICH-T)
here is the debug I have on cache.log
Got d-ch-bi1\\bi9yj D-CH-BI1\\SurfeursWebCAICH D-CH-BI1\\SurfeursWebCAICH-T
from squid
User: -d-ch-bi1\bi9yj-
Group: -D-CH-BI1\SurfeursWebCAICH-
SID: -S-1-5-21-907243726-1387878072-1859928627-9560 Domain Group (2)-
GID: -10013-
Sending ERR to squid
but if I do a wbinfo -r d-ch-bi1\\bi9yj
here is my group:
10000
10001
10002
10003
10004
10005
10006
10007
10008
10009
10010
10011
10012
so the wbinfo_group.pl only test the first group it receive from squid not
the other.
How can I make it work ?
thanks for any help
Arno
******************************************************************
DISCLAIMER - E-MAIL
-------------------
The information contained in this E-Mail is intended for the named
recipient(s). It may contain certain privileged and confidential
information, or information which is otherwise protected from
disclosure. If you are not the intended recipient, you must not
copy,distribute or take any action in reliance on this information
******************************************************************
Received on Tue Jun 21 2005 - 06:00:21 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jul 01 2005 - 12:00:02 MDT