Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Fri, 2004-09-10 at 09:05, Yimin Chen wrote:
> Hi Andrew,
> Thanks for the clarification!=20
> I was trying to evaluate which API I can use to do NTLM authentication
> and group authorization. ntlm_auth was the first one I was looking at,
> since it is the one squid uses. Since this protocol doesn't exist
> today, I can still use:
> winbindd_request(WINBINDD_GETGROUPS, &request, &response) to manually
> retrieve the group sids, right?=20
> Is there an API that I can use to retrieve a list of group names
> instead of group sids, given username?

I would strongly suggest you *don't* call winbindd directly. Firstly,
the getgroups is not an ideal call, due to posix conversions that occour
(if you want to match with windows groups, there are more points of
failure if you must first convert to posix uid/gid form). =20

But more seriously, the winbindd pipe interface changes, this is why I
added ntlm_auth - it was driving the squid team batty :-)

Work with me to add the extensions we require to ntlm_auth, and use

Andrew Bartlett

Andrew Bartlett abartlet@samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBBQOXEw6AkmCjZ77cRAv7aAKCEIWuMBW4y+4YP28kDwp 2cYrqZvwCgjHTd