RE: [squid-users] Integate squid and linux with Win 2003 AD in 10 steps

From: Mohsin Khan <aaghaz00@dont-contact.us>
Date: Thu, 9 Sep 2004 01:42:59 -0700 (PDT)

Normally Windows users have spaces in their usernames.
I once tried this setup, leaving the group auth part;
all works fine, but the users with spaces were not
handled by squid. Can you help?

--- newsgroupie <newsgroupie@infomedia.com.au> wrote:

> As a follow up, I may have missed one fine detail, so here is a
> correction.
> To make all this work you will also need to configure PAM to work with
> Winbind for Authentication. Sorry for missing this step. Do'h!
>
> You will need to add the following to your /etc/pam.d/login file. Mine
> looks exactly like this:
>
> #%PAM-1.0
> #
> #Winbind config
> auth required /lib/security/pam_securetty.so
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_unix.so use_first_pass
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
>
> I'm pretty sure that's it this time..... :-)
>
>
>
>
> -----Original Message-----
> From: newsgroupie [mailto:newsgroupie@infomedia.com.au]
> Sent: Thursday, 9 September 2004 2:23 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Integate squid and linux with Win 2003 AD in 10 steps
>
> Hi,
>
> I hope this post can be the be all and end all for those needing to use
> true "STABLE" squid code suitable for production use. Because I see this
> kind of question on lists so often, I would like to offer my
> assistance.
>
> The following is a known good and very heavily tested solution I have
> had working for about 2 years that has never missed a beat with over 400
> users. This solution will work in Win2000k AD, Win2003 AD in either non
> native or native modes. (Also even NT4 too)
>
> My instructions assume Red Hat 7.3 and a reasonable bit of Linux/squid
> knowledge. I apologize if this documentation is not perfect, but for
> those out there with more than a clue you should be able to follow this
> guide and fill in any small blanks I may have missed. For many, the
> most helpful bits might be the extras you must add to both the
> squid.conf and Samba.conf files to make it all come together.
> Of course you will have to adjust these where appropriate for your
> distro.
>
>
> ****************************************************************************
>
>
> STEP ONE
>
> Copy Samba 2.2.8a source tarball to /usr/src/redhat/SOURCES
>
>
> STEP TWO
>
> Compile the squid 2.5 Stable 3 Source with the following options in the
> squid.spec file. This will configure and build Squid to include the
> winbind helpers from Samba into itself.
>
> --exec_prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid \
> --localstatedir=/var --sysconfdir=/etc/squid \
> --enable-poll --enable-snmp --enable-removal-policies="heap,lru" \
> --enable-storeio="aufs,coss,diskd,ufs" --enable-ssl \
> --with-openssl=/usr/kerberos \
> --enable-delay-pools --enable-linux-netfilter \
> --with-pthreads \
> --with-samba-source=/usr/src/redhat/SOURCES \
> --enable-auth="ntlm,basic" \
> --enable-basic-auth-helpers="winbind,LDAP,NCSA,PAM,SMB,SASL,MSNT" \
> --enable-ntlm-auth-helpers="SMB,winbind" \
> --enable-external-acl-helpers="ip_user,ldap_group,unix_group,wbinfo_group,winbind_group" \
>
>
> STEP THREE
>
> Build SAMBA 2.2.8a from Source RPM using the following entries in spec
> file. This will configure Samba in a fairly generic Red Hat way but will
> also include the Winbind helpers and the LDAP hack required to allow
> Samba to talk to 2000/2003 Native mode AD
>
> --prefix=%{prefix} \
> --localstatedir=/var \
> --with-configdir=/etc/samba \
> --with-privatedir=/etc/samba \
> --with-codepagedir=/etc/codepages \
> --with-fhs \
> --with-quotas \
> --with-msdfs \
> --with-smbmount \
> --with-pam \
> --with-winbind \
> --with-winbind-auth-challenge \
> --with-winbind-ldap-hack \
> --with-pam-winbind \
> --with-pam_smbpass \
> --with-syslog \
> --with-utmp \
> --with-sambabook=%{prefix}/share/swat/using_samba \
> --with-swatdir=%{prefix}/share/swat \
> --with-libsmbclient
>
>
>
> STEP FOUR
>
> Install Both the Squid and Samba RPM binaries
>
>
> STEP FIVE
>
> Change the following lines in your /etc/nsswitch.conf file to:
>
> passwd: files winbind
> shadow: files
> group: files winbind
>
>
> STEP SIX
>
> Configure at least the following lines in your Samba.conf
>
> [global]
>
> # workgroup = NT-Domain-Name or Workgroup-Name
> workgroup = YOUR-NETBIOS-DOMAIN-NAME
>
> # server string is the equivalent of the NT Description field
> server string = Linux Proxy Server
>
> # separate domain and username with '+', like DOMAIN+username
> winbind separator = \\
> # use uids from 10000 to 20000 for domain users
> winbind uid = 10000-20000
> # use gids from 10000 to 20000 for domain groups
> winbind gid = 10000-20000
> # allow enumeration of winbind users and groups
> # might need to disable these next two for performance
> # reasons on the winbindd host
> winbind enum users = yes
> winbind enum groups = yes
> # give winbind users a real shell (only needed if they have
> # telnet/sshd/etc... access)
> #template homedir = /home/winnt/%D/%U
> template homedir = /home/winnt
> template shell = /bin/bash
> netbios name = PROXY
>
=== message truncated ===

=====
Regards,
Mohsin Khan
CCNA ( Cisco Certified Network Associate 2.0 )
http://forum.aaghaz.net

>>>Happy is the one who can smile<<<

                
Received on Thu Sep 09 2004 - 02:43:09 MDT
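
The /etc/pam.d/login stack quoted in the message above mixes `sufficient` and `required` entries. Under PAM's control-flag rules, a `sufficient` module that succeeds (with no earlier `required` failure) ends the stack at once, so entries listed after it are not run for that user. The following Python script is an added example, not part of the original posts: it parses the quoted file (embedded with its mail-wrapped lines rejoined) and lists what each `sufficient` entry short-circuits. It assumes only the simple one-word control syntax.

```python
# Added example (not from the original post): list the required/requisite
# modules that PAM never runs once an earlier "sufficient" module succeeds.
# PAM_LOGIN is the quoted /etc/pam.d/login with its mail-wrapped lines rejoined.
PAM_LOGIN = """\
#%PAM-1.0
#Winbind config
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
"""


def parse_stacks(text):
    """Return {module_type: [(control, module_file, args), ...]} in file order."""
    stacks = {}
    for raw in text.replace("\\\n", " ").splitlines():  # join continuations
        line = raw.split("#", 1)[0].strip()              # drop comments
        fields = line.split()
        if len(fields) < 3:
            continue                                     # blank or malformed
        mtype, control, path, *args = fields
        module = path.rsplit("/", 1)[-1]
        stacks.setdefault(mtype, []).append((control, module, args))
    return stacks


def skipped_after_sufficient(text):
    """[(type, sufficient_module, [later mandatory modules it short-circuits])]."""
    findings = []
    for mtype, entries in parse_stacks(text).items():
        for i, (control, module, _args) in enumerate(entries):
            if control != "sufficient":
                continue
            later = [m for c, m, _a in entries[i + 1:]
                     if c in ("required", "requisite")]
            if later:
                findings.append((mtype, module, later))
    return findings


if __name__ == "__main__":
    for mtype, module, later in skipped_after_sufficient(PAM_LOGIN):
        print(f"{mtype}: success in {module} skips {', '.join(later)}")
```

With `pam_nologin.so` placed above the `sufficient` lines, the same check no longer reports it as skipped, and /etc/nologin then applies to winbind-authenticated logins too.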

This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT