Re: [SQU] Protocol dependend SMB_auth !! Got the solution. Maybe you should add it to your faq.

Max that is a very hard way to solve your problem....and it wont' address
your request to avoid separate auth files.

lets see if I have it right?
you want the members of inetuser to get http access and
the members of ftpusers to get ftp access?

Answer:
currently squid does NOT SUPPORT GROUP MEMBERSHIPS from the native user
database. That is SMB/NTLM/LDAP/Basic auth types are all group-ignorant. You
can emulate groups with the following syntax

acl inetusers proxy_auth sam john mary peter
or
acl inetusers proxy_auth "userfile"
to pull the details from a file.

do get the different list of users for each protocol use two proxyauth acl's
acl inetusers proxy_auth sam john mary
acl ftpusers proxy_auth sam mary

then

acl ftp proto ftp
acl http proto ftp

and finally

http_access allow http inetusers
http_access allow ftp ftpusers
http_access deny all

should give you one instance of squid, different users allowed ftp and http,
and no separate files (allthough you can use group files (for example
exported from your PDC) if you want).

You could also write an export module to get the group membership from the
DC and extend squid (bigger project though).

Rob

----- Original Message -----
From: "Moser Max (RTC)" <max.moser@rtc.ch>
To: <squid-users@ircache.net>
Sent: Friday, September 01, 2000 6:11 PM
Subject: [SQU] Protocol dependend SMB_auth !! Got the solution. Maybe you
should add it to your faq.

> My prob was that i have some NT groups (lets say:Inetusers and Ftpusers).
> I dont want an additional authorisation file etc. So i checked smb_auth.
> Because Squid only pass User and PAssword to an external authentication
> Programm
> it would not be possible to use one Authmethod for FTP and one for HTTP.
>
> After a long toilett meeting i got an idea.
>
> Yo can solf it like this:
>
> You got a PDC/BDC a Proxy with 2 Squid running on it and an apache on it.
>
> So configure it like this.
>
> Install the Apache on port 8080 and add as default file the Autoconfig.pac
> file. i will post mine if you all want.
> then you install one squid on port 8081 for http and one squid on 8082 for
> ftp. now you can define 2 different configs
> for those squids one that veryfies with smb_auth the ftp and one that do
> taht for http. thats is i guess that should
> work.
>
> I will inform you bout my config and tests in detail if you want.
>
> Greetings
>
> Max
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html