Re: [squid-users] Squid and Active Directory

From: Matt Alexander <lowbassman@dont-contact.us>
Date: Wed, 3 Nov 2004 17:03:57 -0700

You'll need to edit your samba config file for your particular domain,
start winbindd, and add the following to your squid.conf:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 30 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Web Proxy
auth_param basic credentialsttl 2 hours
external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/wbinfo_group.pl
acl winbind proxy_auth REQUIRED
acl internetusers external nt_group internet
http_access allow internetusers
http_access deny all

The above also contains the additional requirement that users must be
in the Windows "internet" group. If you don't need this then you can
remove the internetusers acl and the wbinfo_group.pl line. Then
change http_access to allow winbind.
~Matt

On Wed, 3 Nov 2004 22:45:49 -0000, John <john.rushe@tiscali.co.uk> wrote:
> Hi
>
> My site is moving away from LDAP to Active Directory for authentication
> for our internet users going through the Squid proxy server. In order to get
> Squid to talk to Active Directory for user authentication, is it also a
> requirement to set up, configure and run Samba? I had hoped that switching
> to Active Directory would just mean tweaking the existing LDAP auth_param
> directive.
>
> Regards
>
> John
>
>

Received on Wed Nov 03 2004 - 17:04:02 MST
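
Added illustration (not part of the original post, and not the wbinfo_group.pl source): a model of the line exchange between Squid and the external_acl_type helper behind the nt_group ACL above. Squid sends the %LOGIN value and the ACL's group argument ("internet") on one line and the helper answers OK or ERR. It assumes the non-concurrent helper protocol with %XX-escaped fields; the membership table and the names answer/serve are constructed stand-ins for a winbind lookup.

```python
import re
from urllib.parse import unquote

# Constructed directory data standing in for what winbind would return.
MEMBERSHIP = {
    "example\\alice": {"internet", "staff"},
    "example\\bob": {"staff", "domain users"},
}


def answer(line, membership=MEMBERSHIP):
    """Return the helper's reply (OK or ERR) for one request line."""
    # Split on whitespace BEFORE decoding: an escaped space (%20) inside a
    # login or group name must not create an extra field.
    fields = line.strip().split()
    if len(fields) < 2:
        return "ERR"  # malformed request: fail closed
    user, *wanted = (unquote(f) for f in fields)
    # Refuse decoded control characters so a crafted login cannot inject
    # extra lines into logs or a downstream lookup.
    if re.search(r"[\x00-\x1f]", user):
        return "ERR"
    # Windows account and group names compare case-insensitively.
    groups = membership.get(user.lower(), set())
    return "OK" if any(w.lower() in groups for w in wanted) else "ERR"


def serve(stdin, stdout):
    """Helper main loop: one reply per request line, flushed at once."""
    for line in stdin:
        stdout.write(answer(line) + "\n")
        stdout.flush()  # Squid blocks until the reply arrives


# Constructed request lines, as Squid would send them for
# "acl internetusers external nt_group internet".
SAMPLE_REQUESTS = [
    "EXAMPLE%5Calice internet",    # member of the group      -> OK
    "EXAMPLE%5Cbob internet",      # authenticated, not member -> ERR
    "EXAMPLE%5Calice%0A internet", # escaped newline in login  -> ERR
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(f"{request!r:34} -> {answer(request)}")
```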
