On Saturday 14 June 2003 12.18, Mark Fagan wrote:
> Hi all,
>
> I am quite new to this list, however having sifted through many
> pages of FAQ's and config docs I am still confused as to if it is
> possible to acheive my goal.
>
> I am working with squid.2.4.stable1, and am trying to authenticate
> NT domain users/groups particularly groups against destination
> url's.
>
> for example group1 should only access www.cnn.com
> group2 should only access www.inex.ie
>
> I am having much difficulty in acheiving this, and having some
> pretty basic authentication issues.
>
> 1) smb_auth will only authenticate the (NT) user I initiate the
> smb_auth script as, once authenticated I get the usual Internet
> explorer "we cant find www.whatever.com" if I then re-type the url
> I get out fine.
This is a IE bug. See the Squid FAQ:
> 2) If I attempt to authenticate as any other NT user I get the same
> blank page, but cannot get out to the Internet. (weird)
Have not heard of this symptoms, but it quite likely is the same
bug.,.
> I am looking to perform authentication based on NT group and am
> using webmin as the interface to acheive this (currently) I also
> tried manually editing the squid.conf as well to no avail.
smb_auth does not and can not have group integration.
> Can I authenticate particular NT groups based on destination URL
> with smb_auth, I cannot find documentation anywhere on hos this is
> acheived.
Not with smb_auth. But you can by using the winbind helpers. See the
Squid FAQ entry on how to set up Squid for using winbind.
> I beleive there are multiple solutions for NT authentication such
> as NTLM etc, however it is not possible for me to recompile of
> upgrade squid at this time.
Then for groups you will need to maintain local text files listing the
members of each group, and define a proxy_auth acl per group.
Note: The browser issues discussed above is just that, and not
something Squid can be blaimed for.
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Sat Jun 14 2003 - 07:22:16 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:22 MST