Quoting Jim Barber ([EMAIL PROTECTED]): > In my investigations so far I don't believe this is going to work for some > reason. > I believe the fault is possibly with squid rather than with winbind.
Thanks a lot for investigating this. I vaguely remember coming on that issue during my last samba bugs jihad last year..:-) I don't know if you started a general bug triage on samba bugs, Jim, but that would definitely be welcomed by the packaging team....even if this is partial, that would be welcomed. > Finally as a compromise, and because I need to get NTLM working here at > work I settled on using GUID instead. > So my permissions are: > > -rwxr-sr-x 1 root winbindd_priv 968848 Feb 6 15:45 > /usr/bin/ntlm_auth > > Still not the right solution I know; but gets me going with no risk of a > local user being able to get root access by exploiting a bug (if any) in > ntlm_auth. > > So the interesting part is that squid doesn't seem to be picking up on the > secondary groups. > There seems to be a number of setuid, seteuid, setreuid, etc and their > equivalent gid system calls. > Perhaps squid is using the wrong one? All this seem to anyway suggest that the bug is reassigned to the squid package, doesn't it?
signature.asc
Description: Digital signature
