Have you also configured authentication? (auth_param ...)
The group helpers are only responsible for verifying group membership,
and relies on the authentication helper(s) to first verify the username
and password.
Regards
Henrik
mån 2003-02-17 klockan 06.11 skrev Simon Bryan:
> Hi all,
> I have sorted out most of my winbind problems at least at Samba - command
> line level. However I still cannot get Squid to recognise the groups. The
> relevant kines from my Squid.conf file are below.
> Note that wbinfo -u returns the users, wbinfo -g returns the groups from the
> domain, if I feed a correct domain+username groupname to wb_group it returns
> 'OK' or 'ERR' as the case may be.
> Is there anything wrong in my conf file that is obvious, or can I not do
> this yet?
>
> Using SQUID snapshot from 13th Feb 03
>
> ***************************************************************************
> external_acl_type wb_group %LOGIN /usr/local/squid/libexec/wb_group
> acl winauth external wb_group wwwusers
> acl staff external wb_group Teachers
> acl students external wb_group Students
> authenticate_ttl 1 hour
> authenticate_ip_ttl 300 seconds
>
>
> #a list of webmail domains from Dansguardian
> acl webmail dstdomain "/etc/dansguardian/blacklists/mail/domains"
>
> #some regex expressions that used to work OK with IP based acls
> acl webmail2 urlpath_regex "/usr/local/squid/acls/webmailregex"
>
> acl password proxy_auth REQUIRED
>
> #using this as a test, if I make it a http_access deny TEST all it works
> acl TEST dstdomain .passport.com
>
>
> http_access deny redworm
> http_access deny FTPDownloads PUT
> http_access deny banned-url
> http_access allow manager localhost
> http_access deny manager
> http_access deny CONNECT !SSL_ports
> http_access allow CONNECT SSL_ports
> http_access deny !Safe_ports
> http_access deny to_localhost
> http_access deny all !password
> http_access deny students TEST
> http_access deny students webmail webmail2
> http_access allow local_servers
> http_access allow FTPDownloads
> http_access allow our_networks
> http_access allow olmcwarnings
>
> #And finally deny all other access to this proxy
> http_access allow all
> ****************************************************************************
> **************
> _________________________________________
> Simon Bryan
> IT Manager
> OLMC Parramata
> ICQ#: 137562751
> _________________________________________
-- Henrik Nordstrom <hno@squid-cache.org> MARA Systems AB, SwedenReceived on Mon Feb 17 2003 - 08:06:05 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:25 MST