Fwd: [squid-users] Need help in integrating squid and samba

From: Avinash Rao <avinash.aol_at_gmail.com>
Date: Mon, 17 Aug 2009 18:54:45 +0530

Thanks for the quick response.
And, yes i will install squid using apt-get install command.
The basic winbindd functionality "wbinfo -t": is not successful

wbinfo -t
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
Could not check secret

Even, wbinfo -a mydomain\\myuser%mypasswd is unsuccessful

Wondering how i should proceed without this?


On Mon, Aug 17, 2009 at 1:15 PM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
> [re-inserting squid-users mailing list]
> Avinash Rao wrote:
>> On Mon, Aug 17, 2009 at 11:30 AM, Amos Jeffries <squid3_at_treenet.co.nz
>> <mailto:squid3_at_treenet.co.nz>> wrote:
>>    Avinash Rao wrote:
>>        Dear all,
>>        I am new here and i would like to know the correct procedure for
>>        compiling squid to integrate with samba.
>>        I am doing this on a Ubuntu 8.04 Server 64-bit edition and i
>>        have all
>>        the updates installed. Infact, i have installed samba through
>>        apt-get
>>        install and is configured as a PDC.
>>        dpkg -l | grep samba
>>        ii  samba  3.0.28a-1ubuntu4.8   a LanManager-like file and
>>        printer server fo
>>        ii  samba-common  3.0.28a-1ubuntu4.8   Samba common files used
>>        by both
>>        the server a
>>         I am in need of controlling internet access for samba domain users
>>        through squid. I read the documentation and it says Squid must be
>>        built with the configure options:
>>           --enable-auth="ntlm,basic"
>>           --enable-basic-auth-helpers="
>>        winbind"
>>           --enable-ntlm-auth-helpers="winbind"
>>        According to the documentation,
>>        --------
>>        Samba 3.x
>>        ---------
>>        Things are much easier under the 3.x versions of Samba. Smbd is no
>>        longer required to manage the machine's trust account, and  there
>> is
>>        no need to patch any utilities.
>>        The Samba team has incorporated functionality to change the machine
>>        trust account password in the new "net" command.  A simple daily
>>        cron
>>        job scheduling "net rpc changetrustpw" is all that is needed.
>>        I went through the squid documentation and the configure options
>> are
>>        vast. All i want is normal squid operations but with samba
>>        integration. Do I have to specify other options for normal squid
>>        operations?? What is the correct procedure and which version of
>>        squid
>>        suits well for the version of samba i am using? I have used
>>        squid but
>>        never compiled.  My requirement with samba is PDC, winxp clients,
>>        users home directories are mapped as they login to the domain, a
>>        common share for all users and a printer if needed.
>>        Many Thanks,
>>        Avinash
>>    This covers the NTLM auth via Samba requirements.
>>    http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm
>>    This covers the Active Directory (kerberos/negotiate auth)
>> requirements:
>>  http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
>>    Amos
>>    --    Please be using
>>     Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>     Current Beta Squid
>> Amos,
>> Thanks for the reply.
>> I read the documentation, and it says, "
>> As Samba-3.x has it's own authentication helper there is no need to build
>> any of the Squid authentication helpers for use with Samba-3.x (and the
>> helpers provided by Squid won't work if you do). You do however need to
>> enable support for the NTLM scheme if you plan on using this. Also you may
>> want to use the wbinfo_group helper for group lookups
>> --enable-auth="ntlm,basic"
>> --enable-external-acl-helpers="wbinfo_group"
>> Does this mean that squid has to be compiled with the above options?  I
>> am sorry if this sounds very basic. Also, my requirement, i should be able
>> to restrict few users samba users from accessing the internet through at
>> certain times and not necessary authentication.  Will the above options
>> help.
>> Thanks,
>> Avinash
> The Squid packages available for Ubuntu already have those helpers built-in
> and installed along with the package. All you need is the configuration file
> changes.
> If you are building your own Squid from raw source code, you may need to add
> them.
> For someone who does not know the very basics I would seriously advise
> staying with the pre-packaged versions of Squid until you know what you are
> doing.
>  -->  apt-get install squid
> Then change the /etc/squid.conf file as needed.
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>  Current Beta Squid
Received on Mon Aug 17 2009 - 13:24:53 MDT

This archive was generated by hypermail 2.2.0 : Mon Aug 31 2009 - 12:00:03 MDT