RE: [squid-users] wb_group

From: Jay Turner <jturner@dont-contact.us>
Date: Mon, 4 Aug 2003 12:20:48 +0800

I think you have your ACLs wrong.

That said I haven't tried it with multiple groups as you have.
I use a file located on the file system to list my groups that I want
to allow internet access to.

I use an external file for listing the groups as you cannot list groups in
squid.conf if they have a space in them (Domain Users for example).

Below are the relevant excerpts from my squid.conf:

====snip==========
external_acl_type NTGroups %LOGIN /usr/lib/squid/wb_group
acl InternetUsers external NTGroups "/etc/squid/ntgroups-access"
acl AuthorizedUsers proxy_auth REQUIRED

http_access allow AuthorizedUsers InternetUsers
http_access deny all
=====end snip=====

where ntgroups-access contains:
Domain Users
Administrators

**Note: Make sure there is no blank line after the last listed NT group in
the access file. Otherwise it doesn't work.

Regards
Jay

> -----Original Message-----
> From: Simon Bryan [mailto:sbryan@olmc.nsw.edu.au]
> Sent: Monday, 4 August 2003 11:20 AM
> To: jturner@bsis.com.au
> Cc: squid-users@squid-cache.org
> Subject: RE: [squid-users] wb_group
>
>
> Jay Turner said:
> > You need to supply the account name and the group to the wb_group helper.
> >
> > OK will be returned if the user provided is in the group provided.
> >
> > ie DOMAIN\\username "Domain Users"
> >
> > See if that helps
>
>
> Yes it works from the command line OK with that syntax. Does Squid do that
> automatically? If not, how do you configure the acl? I have the following
> at the moment:
>
> acl winauth external wb_group wwwusers
> acl banned external wb_group banned
> acl staff external wb_group Teachers
> acl students external wb_group Students
>
>
>
>
> > Regards
> > Jay
> >
> >> -----Original Message-----
> >> From: Simon Bryan [mailto:sbryan@olmc.nsw.edu.au]
> >> Sent: Monday, 4 August 2003 9:13 AM
> >> To: squid-users@squid-cache.org
> >> Subject: [squid-users] wb_group
> >>
> >>
> >> Hi all,
> >> I am working my way through why the delay_pools do not work for me, I
> >> suspected winbind and have been rebuilding everything. I have an issue
> >> with wb_group that I can't resolve. If I use wb_group -d and enter a
> >> valid username I get a list of groups as below:
> >>
> >> student
> >> /wb_group[22779](wb_check_group.c:343): Got 'student' from Squid (length: 7).
> >> /wb_group[22779](wb_check_group.c:237): SID:S-1-5-21-8915387-1576539265-1404200075-513
> >> /wb_group[22779](wb_check_group.c:237): SID:S-1-5-21-8915387-1576539265-1404200075-3041
> >> /wb_group[22779](wb_check_group.c:237): SID:S-1-5-21-8915387-1576539265-1404200075-3530
> >> ERR
> >>
> >> However it always terminates with an ERR which seems to me what it must
> >> be sending to Squid so the users never fall into a group.
> >> I am using the Squid snapshot from 3rd August and Samba 2.2.8a, I have
> >> copied over the winbindd_nss.h file over the top of the Squid.
> >>
> >> Squid -v gives:
> >> Squid Cache: Version 2.5.STABLE3-20030803
> >> configure options: --enable-delay-pools --enable-auth=ntlm,basic
> >> --enable-basic-auth-helpers=winbind --enable-ntlm-helpers=winbind
> >>
> >>
> >> wb_info gives all the right answers.
> >>
> >> Any clues appreciated.
> >>
> >>
> >> As a second question, when using wb_group in an acl do you use the NT
> >> group name eg 'teachers' or the SID number as given by wb_group on the
> >> command line?
> >>
> >> Cheers,
> >>
> >> ____________________
> >> Simon Bryan
> >> IT Manager
> >> OLMC Parramatta
> >>
> >>
> >
>
>
> ____________________
> Simon Bryan
> IT Manager
> OLMC Parramatta
>
>
Received on Sun Aug 03 2003 - 22:19:24 MDT
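
Added example, not part of the original thread or of Squid: a small Python check for the group list file described above, which flags the blank-line problem the reply warns about and builds the "account name plus group" lines to type into wb_group by hand. The function names and sample file contents are constructed for illustration; the whitespace and CRLF checks are an assumption that goes beyond the blank-line caveat in the thread.

```python
"""Lint a Squid external-ACL group list such as /etc/squid/ntgroups-access."""

def lint_group_file(text):
    """Return (groups, problems) for the raw contents of a group list file.

    problems is a list of (line_number, description) tuples.
    """
    groups, problems = [], []
    lines = text.split("\n")
    # A file ending in exactly one newline leaves one empty element; drop it.
    # Anything empty after that is a real blank line in the file.
    if lines and lines[-1] == "":
        lines.pop()
    for num, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r")
        if raw != line:
            problems.append((num, "CRLF line ending"))
        if line.strip() == "":
            problems.append((num, "blank line"))
            continue
        if line != line.strip():
            problems.append((num, "leading/trailing whitespace"))
        groups.append(line.strip())
    return groups, problems


def helper_test_lines(user, groups):
    """Build one manual test line per group, quoting names that contain a
    space, in the form the thread shows: DOMAIN\\\\username "Domain Users"."""
    out = []
    for group in groups:
        arg = '"%s"' % group if " " in group else group
        out.append("%s %s" % (user, arg))
    return out


if __name__ == "__main__":
    # Constructed sample: the two groups from the thread plus a trailing blank line.
    sample = "Domain Users\nAdministrators\n\n"
    groups, problems = lint_group_file(sample)
    for num, what in problems:
        print("line %d: %s" % (num, what))
    # Account name written the way the thread writes it.
    for line in helper_test_lines(r"DOMAIN\\username", groups):
        print(line)
```

Each printed test line can be entered into the helper from the command line; per the thread, OK is returned if the user is in the group.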
