[squid-users] squid 2.6 ntlm active directory problem

From: Wilson Galafassi <wilson.galafassi@dont-contact.us>
Date: Fri, 10 Aug 2007 17:19:28 -0300

hello.

i'm using samba 3.0.24-3 and squid-2.6.STABLE13-1 with fc6.

my smb.conf
[global]
# Samba [global] section for a host joined to Active Directory. As posted it
# only configures domain membership, winbind and browsing; no shares are shown.
workgroup = DOMAIN
netbios name = NETSERVER
server string = PROXY SERVER
load printers = no
# One log file per connecting machine (%m); "max log size" is in kilobytes.
log file = /var/log/samba/log.%m
max log size = 500
# "security = ads" makes this host a member of the Kerberos realm named here.
realm = DOMAIN.COM
security = ads
auth methods = winbind
# NOTE(review): "server.ddomain.com" does not match the realm DOMAIN.COM above;
# possibly a typo made while anonymising the post -- confirm against the real file.
password server = server.ddomain.com
# Domain and user are joined with "+" (DOMAIN+user) in the names winbind returns.
winbind separator = +
encrypt passwords = yes
# Seconds winbindd caches user/group information before asking a DC again.
winbind cache time = 15
# Full enumeration of domain users and groups is enabled; this can be slow on
# large domains and is not needed for single-user lookups.
winbind enum users = yes
winbind enum groups = yes
# Names given without a domain part are treated as belonging to winbind's own domain.
winbind use default domain = yes
# Local uid/gid ranges winbind may allocate to domain users and groups.
idmap uid = 10000-20000
idmap gid = 10000-20000
# Browsing: this host is told not to act as a local or domain master browser.
# NOTE(review): with "local master = no" the os level below likely has no effect -- confirm.
local master = no
os level = 233
domain master = no
preferred master = no
domain logons = no
wins server = 10.0.0.249
dns proxy = no
# NOTE(review): turns off SSL/TLS for Samba's LDAP connections. No LDAP passdb
# or idmap backend is visible in this listing, so it may be unused here -- confirm.
ldap ssl = no

my squid.conf
# Squid 2.6 proxy configuration: listens on 3128, authenticates users through
# Samba's ntlm_auth helper (NTLM first, then Basic) and allows only members of
# the Windows group "internet".
http_port 3128

# URLs containing "cgi-bin" or "?" are fetched directly and never cached.
hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# Native "squid" log format; its user field is filled only once a request has
# been authenticated.
access_log /var/log/squid/access.log squid

# NTLM scheme, handled by Samba's ntlm_auth talking to the local winbindd.
# The NTLM handshake takes several request/response rounds per connection; the
# 407 challenge rounds are written to access.log before any user name is known.
# NOTE(review): the account Squid runs helpers as needs access to winbindd's
# privileged pipe -- presumably already arranged; verify if helpers fail.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10

# Basic scheme, offered after NTLM (schemes are offered in configured order).
# Basic sends the domain password base64-encoded, not encrypted, on every
# request between client and proxy.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 10
auth_param basic realm Proxy Server
# How long a validated user/password pair is trusted before the helper is asked again.
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# NOTE(review): the next two values are far below Squid's defaults (1 hour each),
# so cached user entries are discarded almost immediately -- confirm this is intended.
authenticate_cache_garbage_interval 10 seconds

authenticate_ttl 0 seconds

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
negative_ttl 5 minutes

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

# http_access rules are evaluated top-down; the first matching rule decides.
# Cache manager requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
# Refuse destination ports outside Safe_ports, and CONNECT tunnels to anything but 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_reply_access allow all
# NOTE(review): ICP queries are accepted from any source address. If no
# neighbour caches use this proxy, consider "icp_access deny all" or "icp_port 0".
icp_access allow all

# %LOGIN makes Squid require proxy authentication before calling the helper,
# which is handed the login name plus the ACL argument ("internet").
# wbinfo_group.pl checks Windows group membership through wbinfo. No ttl= or
# negative_ttl= options are given, so Squid's default result caching applies.
external_acl_type nt_group %LOGIN /usr/lib/squid/wbinfo_group.pl
acl AllowedWindowsGroups external nt_group internet
# Only authenticated members of that group are allowed; everything else is
# refused (unauthenticated requests get an authentication challenge first).
http_access allow AllowedWindowsGroups
http_access deny all

the commands wbinfo -u and wbinfo -g work fine, and there were no problems joining the domain.
my problem is that for some users, especially when connecting with msn messenger,
only the username is missing from the access.log entries. sometimes
requests to other sites are logged without the username too.

any suggestions to fix this?

Thanks
Wilson Galafassi
Received on Fri Aug 10 2007 - 14:19:37 MDT
