Greetings,
CentOS 4.5 x86_64, Apache 2.0.5.2, mod_auth_vas (uh...the snapshot that fixes the SVN slowness, as well as the latest official releases), VAS 3.1.1.
I am using "Require unix-group testgrp" on a location on one of our web servers. I noticed that if the user's primary group ID is set to "testgrp" but they are NOT in the corresponding AD group, mod_auth_vas denies the user as not being apart of the "testgrp" group. From the viewpoint of the OS itself (id, finger), the user is apart of the testgrp and has testgrp in its supplemental list. As soon as I add the user to the correct AD group, the user is allowed in (again, even though that user's primary GID is testgrp). Does mod_auth_vas not check the primary GID?
One more thing to note: our Unix groups were created in AD as "UNIX-Group-XXX" to keep the Unix names separate from the already existing Windows names. We use group mapping to assign the actual short name of the group. Just in case it matters...
Brendon
CentOS 4.5 x86_64, Apache 2.0.5.2, mod_auth_vas (uh...the snapshot that fixes the SVN slowness, as well as the latest official releases), VAS 3.1.1.
I am using "Require unix-group testgrp" on a location on one of our web servers. I noticed that if the user's primary group ID is set to "testgrp" but they are NOT in the corresponding AD group, mod_auth_vas denies the user as not being apart of the "testgrp" group. From the viewpoint of the OS itself (id, finger), the user is apart of the testgrp and has testgrp in its supplemental list. As soon as I add the user to the correct AD group, the user is allowed in (again, even though that user's primary GID is testgrp). Does mod_auth_vas not check the primary GID?
One more thing to note: our Unix groups were created in AD as "UNIX-Group-XXX" to keep the Unix names separate from the already existing Windows names. We use group mapping to assign the actual short name of the group. Just in case it matters...
Brendon