Re: Fwd: [squid-users] Need help in integrating squid and samba from Amos Jeffries on 2009-09-01 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 01 Sep 2009 22:40:34 +1200

Avinash Rao wrote:
> On 8/31/09, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>> Avinash Rao wrote:
>>
>>>
>>> On Mon, Aug 24, 2009 at 1:00 AM, Henrik Nordstrom
>> <henrik_at_henriknordstrom.net
>> <mailto:henrik_at_henriknordstrom.net>> wrote:
>>> sön 2009-08-23 klockan 15:08 +0530 skrev Avinash Rao:
>>> > I couldn't find any document that shows me how to enable wb_info
>>> for squid.
>>> > Can anybody help me?
>>>
>>> external_acl_type NT_Group %LOGIN
>>> /usr/local/squid/libexec/wbinfo_group.pl
>>>
>>> acl group1 external NT_Group group1
>>>
>>>
>>> then use group1 whenever you want to match users belonging to that
>>> Windows group.
>>>
>>> Regards
>>> Henrik
>>>
>>>
>>> Hi Henrik,
>>>
>>> I have used the following in my squid.conf
>>>
>>> external_acl_type NT_Group %LOGIN /usr/lib/squid/wbinfo_group.pl acl
>> group1 external NT_Group staff
>>> acl net time M T W T F S S 9:00-18:00
>>> http_access allow net
>>>
>>> On my linux server, I have created a group called staff and made a couple
>> of users a member of this group called staff. My intention is to provide
>> access to users belonging to group staff on all days from morning 9am - 7PM.
>> The rest should be denied.
>>> But this didn't work, when the Samba users login from a winxp client, it
>> doesn't get access to internet at all.
>> There is no http_access lien making any use of ACL "group1"
>>
>> And _everybody_ (me included on this side of the Internet) is allowed to use
>> your proxy between 9am ad 6pm.
>>
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>> Current Beta Squid 3.1.0.13
>>
>
>
> Thanks for the reply, Ya i missed http_access allow group1
> I didn't understand your second statement, are u telling me that i
> should deny access to net?

You should combine the ACL with others on an http_access line so that
its limited to who it allows.

This:
acl net time M T W T F S S 9:00-18:00
http_access allow net

simply says "all requests are allowed between time X and Y".
Without additional controls, ie on IP address making the request, you
end up with an open proxy.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
   Current Beta Squid 3.1.0.13

Received on Tue Sep 01 2009 - 10:51:00 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 12:00:05 MDT