Re: [squid-users] Squid+ADS - Multiple Group Based Authentication (ISA to SQUID Migration)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 09 Aug 2009 19:48:00 +1200

Truth Seeker wrote:
>
>>>
>>> Any help is really appreciated!!!
>>>
>>>
>> Try being case-sensitive in the group names. The ones you
>> configured Squid with do not match the ones you detailed as
>> example. Assuming both were correct they may be mis-matched
>> because 'S' is not 's' etc.
>
> It was my mistake in the mail. All are lowercase in group names as well as in squid.conf.
>
>>
>> Try also with this as the first of the auth ACL:
>> acl AuthorizedUsers proxy_auth REQUIRED
>> http_access deny !AuthorizedUsers
>>
>> it will force a login if none is supplied.
>
> I tried this too, but no hope. Once again, the following is my environment.
>
> Win 2k3 (with ADS) <---> Squid Proxy (squid-3.0.STABLE13-1.el5) on CentOS 5.3 (Samba, Winbind, Kerberos, squid configured)
>
>
> Now these are my entries:
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 5
> #auth_param ntlm max_challenge_reuses 0
> #auth_param ntlm max_challenge_lifetime 2 minutes
> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> acl AuthorizedUsers proxy_auth REQUIRED
> http_access deny !AuthorizedUsers
> external_acl_type unix_group %LOGIN /usr/lib/squid/squid_unix_group
>

Oh, hang on. UNIX groups are not the same as AD groups.

I think that helper is probably not testing AD compatible.
Try the winbind group helper wbinfo_group.pl

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
   Current Beta Squid 3.1.0.13
Received on Sun Aug 09 2009 - 07:48:07 MDT
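
The helper change suggested in the reply above, written out as a squid.conf fragment. This is an added example and not part of the original message; the wbinfo_group.pl path, the AD group names (internet_full, internet_restricted), the ACL names and the example domain are assumptions.

```conf
# Constructed example: helper path, group names, ACL names and domain are assumptions.

# Authentication helpers, as in the quoted configuration.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

# Before: this helper checks UNIX group membership, not AD group membership.
# external_acl_type unix_group %LOGIN /usr/lib/squid/squid_unix_group

# After: ask winbind for the AD groups of the authenticated user.
# ttl=300 caches each user/group answer for 5 minutes, so a membership
# change in AD takes up to that long to reach the proxy.
external_acl_type ad_group ttl=300 %LOGIN /usr/lib/squid/wbinfo_group.pl

# One ACL per AD group (lowercase names, matching the directory).
acl AuthorizedUsers proxy_auth REQUIRED
acl FullAccess external ad_group internet_full
acl RestrictedAccess external ad_group internet_restricted
acl AllowedSites dstdomain .example.com

# Order matters: force a login first, then evaluate group membership,
# and finish with an explicit deny so an unmatched user gets nothing.
http_access deny !AuthorizedUsers
http_access allow FullAccess
http_access allow RestrictedAccess AllowedSites
http_access deny all
```

The helper reads one "user group" line at a time on standard input and answers OK or ERR, so it can be checked by hand as the Squid user before Squid is reconfigured.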
