Re: [squid-users] acl with groups + w2k domain

Hi,

Thanks for the help i am sure that will come in handy
later.

I have joined the linux box to the w2k domain. When i want
to test the squid with ntlm_auth by doing the following:

ntlm_auth --helper-protocol=squid-2.5-basic
--domain=mydomain --username=username --password=password

nothing happens but when i test it like the following:

ntlm_auth --domain=mydomain --username=username
--password=password

I get OK.

How can i get an OK with the helper?

Thanks
Regards

On Tue, 1 Mar 2005 01:10:56 -0800
 "Allen Armstrong" <allen_armstrong@telus.net> wrote:
> Hi,
>
> It can be done. I just finished doing it here is part of
> my conf that might
> help. This is after you get the winbind. I am using
> NTLM for single signon
> purposes.
>
> I first got Windows Authentication to work and then
> worked on groups. E.g.:
>
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 30
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
>
> external_acl_type nt_group ttl=0 concurrency=5 %LOGIN
> /usr/lib/squid/wbinfo_group.pl
>
> acl staff external nt_group internet-staff
> acl students external nt_group internet-students
> acl noaccess external nt_group Students
> acl kss dstdomain "/etc/squid/allowedurls"
>
> http_access allow 199network kss noaccess
> http_access allow 199network staff
> http_access allow 142network staff
> http_access deny notallowedurls students
> http_access allow 199network students
> http_access allow 142network students
>
>
> I hope that helps you. I am running 2.5 stable 3 of
> squid running under
> redhat.
>
>
> Ttyl,
>
>
> Allen Armstrong
>
>
>
> > -----Original Message-----
> > From: it clown [mailto:squid@mailbox.co.za]
> > Sent: February 27, 2005 4:19 AM
> > To: squid-users@squid-cache.org
> > Subject: [squid-users] acl with groups + w2k domain
> >
> > Hi All,
> >
> > I am using ISA server and i am wanting to replace it
> with
> > squid. I am running squid on a linux box. Now what i
> want
> > to do is have w2k users to use the squid proxy. I want
> to
> > add a few users in a group to have internet access and
> add
> > other users in another group to have access only to a
> few
> > sites.
> >
> > To do this i need to make the linux box part of the w2k
> > domain via winbind (I know how to do that)? How do i
> allow
> > some users to have full access to internet and to allow
> > others to only have access to some sites in squid? What
> > auth do i need to set squid to to auth the users with
> the
> > w2k domain controller?
> >
> > I do not want an auth box to pop up.
> >
> > Thanks
> > Regards
> >
>
______________________________________________________________
> > http://www.webmail.co.za the South African FREE email
> service
>

______________________________________________________________
http://www.webmail.co.za the South African FREE email service
Received on Tue Mar 01 2005 - 22:48:51 MST