[squid-users] ACL problems

From: Lars Roland <lroland@dont-contact.us>
Date: Thu, 11 Nov 2004 13:02:12 +0100

Hi all

I have squid 2.5STABLE7 running along with samba 3.0.8 using NTLM
auth. I have the following ACLs in my squid.conf:

------------------------------
external_acl_type nt_group %LOGIN /usr/lib/squid/wbinfo_group.pl

# access control list
acl QUERY urlpath_regex cgi-bin \?
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 21 70 80 210 280 443 563 488 554 1025-65535
acl CONNECT method CONNECT
acl allowedurls dstdomain "/etc/squid/acls/allowedurls"
acl blockcache url_regex -i "/etc/squid/acls/blockcache"
acl Authenticated proxy_auth REQUIRED
acl AllowedNTUsers external nt_group "/etc/squid/acls/allowedntgroups"

# Deploy access control list
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow AllowedNTUsers
#http_access deny all
#icp_access deny all
------------------------------

I have a user named roland who is in the domain group "Domain Users".
The winbindd log seems to see this and will auth the user against my
domain, but I cannot access any webpages. The following is taken from
syslog/access.log when trying to access www.bbc.com:

------------------------------
2004/11/11 12:51:47| The request GET http://www.bbc.com/ is DENIED,
because it matched 'AllowedNTUsers
1100173907.906 22 172.29.10.180 TCP_DENIED/403 1377 GET
http://www.bbc.com/ roland NONE/- text/html
------------------------------

I do not understand this. I have "Domain Users" in
"/etc/squid/acls/allowedntgroups" and winbind seems to work correctly.
Can someone give me some input about this, perhaps an example of
including domain groups such as "Domain Users" in squid?

Thanks in advance.
Received on Thu Nov 11 2004 - 05:02:16 MST
