RE: [squid-users] wb_group problems

From: García García, Alberto <agarciag@dont-contact.us>
Date: Mon, 23 Dec 2002 09:57:24 +0100

        I´m tryng the authentiation creating a LOCAL_GROUP (GROUP1)in
WINDOWS2K (DOMAIN1)and including in this group the WINDOWS NT
(DOMAIN2\GROUP1), but doesn´t work.

        I´m reading from mailing list and see that WB_GROUP only work with
Global_Groups and not with LOCAL_GROUPS.

        It´s posible to authenticate with LOCAL_GROUPS.

        Thank´s.

-----Mensaje original-----
De: Henrik Nordstrom [mailto:hno@marasystems.com]
Enviado el: jueves, 19 de diciembre de 2002 22:42
Para: García García, Alberto; 'squid-users@squid-cache.org'
Asunto: Re: [squid-users] wb_group problems

Groups in trusted domains should work if the trust works.

Does "wbinfo -g" find the group in the users domain? If not then the
trust is not set up properly for winbind, winbind is otherwise
confused or the group simply does not exists in the users domain.

It is possible you need to speficy the group by domain to wb_group for
domains connected via trust relations. I do not know. Only have a
single NT server in our lab. wb_group checks group names as returned
by winbind by lookup of the group SID. Hmm.. it may be possible that
wb_group cannot lookup groups outside the primary domain.

Regards
Henrik

On Wednesday 18 December 2002 17.13, García García, Alberto wrote:
> Multidomain work fine for NTLM but when i try the authentication
> with wb_group the users will need an account in this group. Isn´t
> it?
>
> Authentication in PDC/BDC of DOMAIN1
>
> User1-Group1 in DOMAIN1 autthentication is good.
> User1-Group1 in DOMAIN2 bad authentication (user is not in PDC/BDC
> of Domain1)

Este mensaje de correo electrónico y sus documentos adjuntos están dirigidos
EXCLUSIVAMENTE a los destinatarios especificados. La información contenida
puede ser CONFIDENCIAL y/o estar LEGALMENTE PROTEGIDA y no necesariamente
refleja la opinión de ENDESA. Si usted recibe este mensaje por ERROR, por
favor comuníqueselo inmediatamente al remitente y ELIMÍNELO ya que usted
NO ESTA AUTORIZADO al uso, revelación, distribución, impresión o copia de
toda o alguna parte de la información contenida. Gracias.

This e-mail message and any attached files are intended SOLELY for the
addressee/s identified herein. It may contain CONFIDENTIAL and/or LEGALLY
PRIVILEGED information and may not necessarily represent the opinion of
ENDESA. If you receive this message in ERROR, please immediately notify the
sender and DELETE it since you ARE NOT AUTHORIZED to use, disclose,
distribute, print or copy all or part of the contained information. Thank
you.
Received on Mon Dec 23 2002 - 01:57:34 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:11 MST