RE: [squid-users] How do I Ubuntu 9.04 + Squid3 + likewise-open +Active Directory on Windows Server 2003 R2

Thanks Amos,
I have tried a different approach to my issue and used Centos 5.3 and the following instructions: "http://wiki.squid-cache.org/ConfigExamples/Authenticate/NtlmCentOS5"
This had the system required in less than 45 minutes. Compared to a whole day attempting to use ubuntu 9.04. The instructions just worked for me including using an internet access control group in windows server 2003 r2.

There seems to be so much variance between different distributions.

Thanks for taking a look anyway,
Hopefully someone searching the list gets value from this at a later stage.

----------------------------------------
> Date: Sun, 17 May 2009 18:38:06 +1200
> From: squid3_at_treenet.co.nz
> To: michael_hiatt_at_hotmail.com
> CC: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] How do I Ubuntu 9.04 + Squid3 + likewise-open +Active Directory on Windows Server 2003 R2
>
> michael hiatt wrote:
>> Hi guys,
>> I have Ubuntu 9.04 (Desktop) and attempting to use authentication to a windows werver 2003 r2 box.
>> I have installed likewise-open and been able to successfully "join" with domainjoin-cli command
>> using the following link as a guide: https://help.ubuntu.com/9.04/serverguide/C/likewise-open.html
>>
>> Is it possible to use this method instead of winbind (as the config examples wiki shows)?
>>
>> If so how would i go about implmenting this so that users on windows xp machines that are logged into my domain will be denied or allowed access using internet explorer?
>>
>
> Maybe yes, maybe no.
>
> There are a few parts to this: (for the pedantic, please forgive my
> generalizations)
>
> 1) "join the domain" --- so that the squid box/IP has permission to
> question the domain controller for credentials. Nothing more, nothing
> less. This is separate to the rest of the setup, but is required in most
> cases for (3) to happen.
>
> 2) "authentication" --- getting the credentials from the client.
> The auth helpers Squid provides do this part. Is independent of the
> other steps, but limited to links where the client 'knows' its talking
> to Squid.
>
> 3) "authorization" --- checking that the credentials are right.
> The auth helpers do this when possible as well. Some require both auth
> helper and external_acl_type helpers like winbind to check additional
> criteria (groups etc).
> This is the part which require (1) above. The nature of the helpers
> involved has a LOT of variance, and may be self-written to do anything.
> Winbin dis one such helpers, if you are able to find or create a helper
> that works in your specific needs/environment great.
>
> On a side note, (3) can be done regardless of (2) with carefully
> selected criteria other than username/password.
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
> Current Beta Squid 3.1.0.7

_________________________________________________________________
Want to stay on top of your life online? Find out how with Windows Live!
http://windowslive.ninemsn.com.au/
Received on Sun May 17 2009 - 06:48:28 MDT