Re: [squid-users] integration with active directory

From: Jakob Curdes <jc_at_info-systems.de>
Date: Tue, 21 Oct 2008 15:59:03 +0200

Matt Harrison wrote:
> Hi all,
> As far as the guide I have mentioned goes, my kerberos and ldap are
> working perfectly and samba is joined to the domain. winbind is running
> and using the ntlm helper tests from the guide it appears that
> authentication for users against the AD is working.
>
> The problem is that squid.conf is a very large config file and I've only
> ever played with a few options (1 acl, nothing more complex).
>
In short, you need the following things:

# auth helpers, something like
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30

# if you want to check against a specific AD group also you need an
# external "group check helper" that comes with squid but must be installed
external_acl_type nt_group %LOGIN /usr/local/squid/libexec/wbinfo_group.pl -d

# the following line only for group checking
acl INUSERS external nt_group AD_DOMAIN+INUSERS

# here you require authorization
acl allowed_users proxy_auth REQUIRED

# here you use the above acl in a http_access line. For group access put
# the group ACL on the same line as here:
http_access allow allowed_users INUSERS

If you want basic access also, check that you define the helpers in the
correct order. It is easiest to first get one auth working before
defining the second.

Hope this helps,

Jakob
Received on Tue Oct 21 2008 - 13:59:14 MDT
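
The pieces from the message above assembled into one squid.conf fragment, with a basic-auth fallback placed after NTLM. This is an added example, not part of the original message; the basic-scheme lines, the realm text, the children/TTL values and the closing deny rule are assumptions, and "all" is assumed to be the catch-all ACL from the default squid.conf.

```conf
# Squid offers auth schemes to the client in the order they first appear
# in the config, so NTLM is configured first and basic second as fallback.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30

# Assumed fallback for clients that cannot do NTLM. Basic sends the
# password base64-encoded, not encrypted, between browser and proxy.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy
auth_param basic credentialsttl 2 hours

# Group lookup helper and the group ACL (names as in the message above).
external_acl_type nt_group %LOGIN /usr/local/squid/libexec/wbinfo_group.pl -d
acl INUSERS external nt_group AD_DOMAIN+INUSERS

# Any successfully authenticated user.
acl allowed_users proxy_auth REQUIRED

# ACLs on one http_access line are ANDed: the request is allowed only if
# the user authenticated AND is a member of AD_DOMAIN+INUSERS.
http_access allow allowed_users INUSERS

# Assumed final rule: refuse everything that did not match above, so
# unauthenticated or out-of-group requests are not passed by a later rule.
http_access deny all
```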
