AW: [squid-users] Winbind and Windows groups

From: Rost, Werner <Werner.Rost@dont-contact.us>
Date: Mon, 17 Feb 2003 08:37:50 +0100

Maybe a bug. I observe the same prolem.

Please look at the bugzilla database entry 518.

> Mit freundlichen Grüßen / regards
> Werner Rost
>
> ---------------------------------------------------------------------
> ZF Boge GmbH
> Werner Rost
> IT
> Friesdorfer Str. 175
> D-53175 Bonn
>
>
> phone: +49/228/3825 420
> fax: +49/228/3825 398
> werner.rost@zfboge.com
>
> www.boge-vibrationcontrol.com/
> ---------------------------------------------------------------------
>

-----Ursprüngliche Nachricht-----
Von: Simon Bryan [mailto:sbryan@olmc.nsw.edu.au]
Gesendet am: Montag, 17. Februar 2003 06:11
An: Squid-Users
Betreff: [squid-users] Winbind and Windows groups

Hi all,
I have sorted out most of my winbind problems at least at Samba - command
line level. However I still cannot get Squid to recognise the groups. The
relevant kines from my Squid.conf file are below.
Note that wbinfo -u returns the users, wbinfo -g returns the groups from the
domain, if I feed a correct domain+username groupname to wb_group it returns
'OK' or 'ERR' as the case may be.
Is there anything wrong in my conf file that is obvious, or can I not do
this yet?

Using SQUID snapshot from 13th Feb 03

***************************************************************************
external_acl_type wb_group %LOGIN /usr/local/squid/libexec/wb_group
acl winauth external wb_group wwwusers
acl staff external wb_group Teachers
acl students external wb_group Students
authenticate_ttl 1 hour
authenticate_ip_ttl 300 seconds

#a list of webmail domains from Dansguardian
acl webmail dstdomain "/etc/dansguardian/blacklists/mail/domains"

#some regex expressions that used to work OK with IP based acls
acl webmail2 urlpath_regex "/usr/local/squid/acls/webmailregex"

acl password proxy_auth REQUIRED

#using this as a test, if I make it a http_access deny TEST all it works
acl TEST dstdomain .passport.com

http_access deny redworm
http_access deny FTPDownloads PUT
http_access deny banned-url
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access allow CONNECT SSL_ports
http_access deny !Safe_ports
http_access deny to_localhost
http_access deny all !password
http_access deny students TEST
http_access deny students webmail webmail2
http_access allow local_servers
http_access allow FTPDownloads
http_access allow our_networks
http_access allow olmcwarnings

#And finally deny all other access to this proxy
http_access allow all
****************************************************************************
**************
_________________________________________
Simon Bryan
IT Manager
OLMC Parramata
ICQ#: 137562751
_________________________________________
Received on Mon Feb 17 2003 - 00:41:42 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:25 MST