Re: [squid-users] problem using acl with winbind

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 26 Nov 2002 12:28:52 +0100

Which Samba version are you using?

See the Squid FAQ on supported Samba versions and how to make the Squid
winbind helpers work with different Samba versions.

Regards
Henrik

"Wilson A. Galafassi Jr." wrote:
>
> hello!
>
> this is my squid.conf
>
> http_port 3128
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> cache_mem 16 MB
> maximum_object_size 2048 KB
> cache_dir ufs /var/log/squid/cache 100 16 256
> cache_access_log /var/log/squid/logs/access.log
> cache_log /var/log/squid/logs/cache.log
> cache_store_log /var/log/squid/logs/store.log
> pid_filename /var/log/squid/logs/squid.pid
>
> auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
>
> auth_param basic program /usr/local/squid/libexec/wb_auth
> auth_param basic children 5
> auth_param basic realm Matrix Proxy server
> auth_param basic credentialsttl 2 hours
>
> external_acl_type NT_global_group %LOGIN
> /usr/local/squid/libexec/wb_group
> acl FullAccess external NT_global_group CPD
> http_access allow FullAccess
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
>
> http_access deny manager !localhost
> http_access deny !Safe_ports
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> cache_mgr wgalafassijr@terra.com.br
> cache_effective_user squid
> cache_effective_group squid
>
> the autentication doesn't work. says: "access denid" what??? everything
> is correct??
>
> the commands wbinfo -g/-u/-a works fine.
>
> thanks
> wilson
Received on Tue Nov 26 2002 - 03:28:45 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:34 MST