[squid-users] Squid 2.5 Win2K Domain & Usergroup access

From: Andrew Jackman <andrewj@dont-contact.us>
Date: Wed, 22 Mar 2006 08:17:17 +1100

Hello,

I have got Proxy access controlled by NT Groups working with my Windows
2000 Domain... but the problem I am having is that Squid does not
recognise changes to the groups until I restart winbindd and squid.

Squid 2.5.STABLE13 NTLM with Samba-3.0.21c and Access Controlled with NT
Groups (Windows 2000 domain)

Here are some excerpts from my configs:

squid.conf:

auth_param ntlm program /usr/local/samba3/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
# ntlm_auth from Samba 3 supports NTLM NEGOTIATE packet
auth_param ntlm use_ntlm_negotiate on

auth_param basic program /usr/local/samba3/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 minutes

external_acl_type NTGroup ttl=60 %LOGIN /usr/local/squid/libexec/wbinfo_group.pl

acl AccessInternet external NTGroup Proxy_Access_Internet

http_access allow AccessInternet

http_access deny all

smb.conf:
workgroup=my_domain_name
password server = my_domain_controller
security = domain
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
winbind cache time = 2

Any help would be greatly appreciated!

Thank you
 

Andrew Jackman
Information Systems Administrator
Kempe - IT Department
Direct Tel: +61 (0) 3 5225 2943
Fax: +61 (0) 3 5225 2855

Received on Tue Mar 21 2006 - 14:17:21 MST
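
An added example, not part of the original post: a Python probe that queries the external ACL helper directly and times how long a group change takes to appear in its answer, which separates staleness on the winbindd side from a result cached inside Squid. The helper path and group name come from the squid.conf excerpt above; the function names are hypothetical, and it assumes the helper reads one "login group" line on stdin and answers OK or ERR.

```python
import subprocess
import time

def probe(helper_argv, login, group, timeout=10):
    """Ask an external ACL helper one question; True for OK, False for ERR."""
    for field in (login, group):
        # Squid 2.5 shell-quotes fields; this probe only handles plain tokens.
        if not field or any(c.isspace() or c in '"\\' for c in field):
            raise ValueError("unsupported characters in %r" % field)
    done = subprocess.run(helper_argv, input="%s %s\n" % (login, group),
                          capture_output=True, text=True, timeout=timeout)
    words = done.stdout.split()
    if not words or words[0] not in ("OK", "ERR"):
        raise RuntimeError("unexpected helper reply: %r" % done.stdout)
    return words[0] == "OK"

def seconds_until_change(helper_argv, login, group, max_wait=300,
                         interval=5, sleep=time.sleep, clock=time.monotonic):
    """Poll until the answer differs from the first one; None on timeout."""
    start = clock()
    first = probe(helper_argv, login, group)
    while clock() - start < max_wait:
        sleep(interval)
        if probe(helper_argv, login, group) != first:
            return clock() - start
    return None

if __name__ == "__main__":
    import sys
    # Helper path and group name are taken from the squid.conf excerpt in the
    # post; the login to test is passed on the command line.
    helper = ["/usr/local/squid/libexec/wbinfo_group.pl"]
    waited = seconds_until_change(helper, sys.argv[1], "Proxy_Access_Internet")
    print("no change seen" if waited is None else "changed after %.0fs" % waited)
```

Start it, then change the user's group membership on the domain controller. If the helper's answer flips while Squid still serves the old decision, the stale result is being held inside Squid and not by winbindd.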
