Hello,
I'm running Squid-2.t.stable7 on a windows 2003 server.
It works perfectly, but now i won't users to authenticate.
This is mij squid.conf
------------------------------------------------------------------------------------
http_port 6588
icp_port 0
cache_peer wwwproxy.xs4all.nl parent 8080 3130 no-query default
connect_timeout 120 seconds
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 50 MB
cache_swap_low 90
cache_swap_high 95
ipcache_size 1024
ipcache_low 90
ipcache_high 95
cache_dir ufs d:/squid/cache 500 16 256
cache_access_log d:/squid/log/access.log
cache_log d:/squid/log/cache.log
cache_store_log none
mime_table d:/squid/etc/mime.conf
pid_filename d:/squid/log/squid.pid
debug_options ALL,1 33,2
log_fqdn off
ftp_user anonymous@annamaria.nl
ftp_sanitycheck on
diskd_program d:/squid/libexec/diskd.exe
unlinkd_program d:/squid/libexec/unlinkd.exe
authenticate_ip_ttl 60 seconds
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern . 0 20% 4320
read_timeout 15 minutes
request_timeout 20 seconds
client_lifetime 200 minutes
half_closed_clients off
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl inside src 172.16.0.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
auth_param ntlm program d:/squid/libexec/win32_ntlm_auth.exe
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate on
auth_param basic program d:/squid/libexec/nt_auth.exe
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
external_acl_type NT_global_group %LOGIN
d:/squid/libexec/win32_check_group.exe -G -d
external_acl_type NT_local_group %LOGIN
d:/squid/libexec/win32_check_group.exe -G -d
acl glo external NT_global_group Leerlingen
acl loc external NT_local_group proxyinternet
acl test proxy_auth REQUIRED
http_access allow glo
http_access allow loc
http_access allow test
http_access allow manager localhost
http_access deny manager
http_access allow inside
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access deny all
miss_access allow all
miss_access allow manager
cache_effective_user nobody
visible_hostname ams-guard
dns_testnames www.annamaria.nl
logfile_rotate 7
minimum_direct_hops 6
acl local-servers dstdomain .annamaria.nl
acl local-servers dstdomain .ams.local
always_direct allow local-servers
acl local_ip src 172.16.0.1-172.16.0.40/255.255.255.0
always_direct allow local_ip
acl biblion dstdomain .knipselkranten.nl
acl biblion dstdomain 192.87.152.11
acl biblion dstdomain 192.87.152.80
always_direct allow biblion
never_direct allow all
icon_directory d:/squid/share/icons
error_directory d:/squid/share/errors/English
coredump_dir d:/squid/cache
ie_refresh on
------------------------------------------------------------------------------
What i want?
That squid can get the user names and passwords out of the AD from
windows 2003
so that i can give the groups rights to access the internet or deny
some urls.
I don't know what i'm doing wrong.
Received on Thu Jan 27 2005 - 07:30:18 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:36 MST