RE: [squid-users] wb_group

From: Simon Bryan <[email protected]>
Date: Mon, 4 Aug 2003 13:20:03 +1000 (EST)

Jay Turner said:
> You need to supply the account name and the group to the wb_group helper.
>
> OK will be returned if the user provided is in the group provided.
>
> ie DOMAIN\\username "Domain Users"
>
> See if that helps

Yes it works from the command line OK with that syntax. Does Squid do that
automatically? If not how do you configure the acl? I have the following at the
moment:

acl winauth external wb_group wwwusers
acl banned external wb_group banned
acl staff external wb_group Teachers
acl students external wb_group Students

> Regards
> Jay
>
>> -----Original Message-----
>> From: Simon Bryan [mailto:sbryan@olmc.nsw.edu.au]
>> Sent: Monday, 4 August 2003 9:13 AM
>> To: squid-users@squid-cache.org
>> Subject: [squid-users] wb_group
>>
>>
>> Hi all,
>> I am working my way through why the delay_pools do not work for
>> me, I suspected
>> winbind and have been rebuilding everything. I have an issue with
>> wb_group that I
>> can't resolve. If I use wb_group -d and enter a valid username I
>> get a list of
>> groups as below:
>>
>> student
>> /wb_group[22779](wb_check_group.c:343): Got 'student' from Squid
>> (length: 7).
>> /wb_group[22779](wb_check_group.c:237):
>> SID:S-1-5-21-8915387-1576539265-1404200075-513
>> /wb_group[22779](wb_check_group.c:237):
>> SID:S-1-5-21-8915387-1576539265-1404200075-3041
>> /wb_group[22779](wb_check_group.c:237):
>> SID:S-1-5-21-8915387-1576539265-1404200075-3530
>> ERR
>>
>> However it always terminates with an ERR which seems to me what
>> it must be sending
>> to Squid so the users never fall into a group.
>> I am using the Squid snapshot from 3rd August and Samba 2.2.8a, I
>> have copied over
>> the winbindd_nss.h file over the top of the Squid.
>>
>> Squid -v gives:
>> Squid Cache: Version 2.5.STABLE3-20030803
>> configure options: --enable-delay-pools --enable-auth=ntlm,basic
>> --enable-basic-auth-helpers=winbind --enable-ntlm-helpers=winbind
>>
>>
>> wb_info gives all the right answers.
>>
>> Any clues appreciated.
>>
>>
>> As a second question, when using wb_group in an acl do you use
>> the NT group name eg
>> 'teachers' or the SID number as given by wb_group on the command line?
>>
>> Cheers,
>>
>> ____________________
>> Simon Bryan
>> IT Manager
>> OLMC Parramatta
>>
>>
>

____________________
Simon Bryan
IT Manager
OLMC Parramatta
Received on Sun Aug 03 2003 - 21:36:14 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:33 MST