Re: Fwd: [squid-users] Need help in integrating squid and samba from Avinash Rao on 2009-09-01 (squid-users)

From: Avinash Rao <avinash.aol_at_gmail.com>
Date: Tue, 1 Sep 2009 18:55:35 +0530

Thank you for your explanation...
I understood what you said.. i will check the squid configuration and get back..

On 9/1/09, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> Avinash Rao wrote:
> > On 8/31/09, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> >
> > > Avinash Rao wrote:
> > >
> > >
> > > >
> > > > On Mon, Aug 24, 2009 at 1:00 AM, Henrik Nordstrom
> > > >
> > > <henrik_at_henriknordstrom.net
> > > <mailto:henrik_at_henriknordstrom.net>> wrote:
> > >
> > > > sön 2009-08-23 klockan 15:08 +0530 skrev Avinash Rao:
> > > > > I couldn't find any document that shows me how to enable wb_info
> > > > for squid.
> > > > > Can anybody help me?
> > > >
> > > > external_acl_type NT_Group %LOGIN
> > > > /usr/local/squid/libexec/wbinfo_group.pl
> > > >
> > > > acl group1 external NT_Group group1
> > > >
> > > >
> > > > then use group1 whenever you want to match users belonging to that
> > > > Windows group.
> > > >
> > > > Regards
> > > > Henrik
> > > >
> > > >
> > > > Hi Henrik,
> > > >
> > > > I have used the following in my squid.conf
> > > >
> > > > external_acl_type NT_Group %LOGIN /usr/lib/squid/wbinfo_group.pl acl
> > > >
> > > group1 external NT_Group staff
> > >
> > > > acl net time M T W T F S S 9:00-18:00
> > > > http_access allow net
> > > >
> > > > On my linux server, I have created a group called staff and made a
> couple
> > > >
> > > of users a member of this group called staff. My intention is to provide
> > > access to users belonging to group staff on all days from morning 9am -
> 7PM.
> > > The rest should be denied.
> > >
> > > > But this didn't work, when the Samba users login from a winxp client,
> it
> > > >
> > > doesn't get access to internet at all.
> > > There is no http_access lien making any use of ACL "group1"
> > >
> > > And _everybody_ (me included on this side of the Internet) is allowed to
> use
> > > your proxy between 9am ad 6pm.
> > >
> > >
> > > Amos
> > > --
> > > Please be using
> > > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
> > > Current Beta Squid 3.1.0.13
> > >
> > >
> >
> >
> > Thanks for the reply, Ya i missed http_access allow group1
> > I didn't understand your second statement, are u telling me that i
> > should deny access to net?
> >
>
> You should combine the ACL with others on an http_access line so that its
> limited to who it allows.
>
> This:
> acl net time M T W T F S S 9:00-18:00
> http_access allow net
>
> simply says "all requests are allowed between time X and Y".
> Without additional controls, ie on IP address making the request, you end
> up with an open proxy.
>
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
> Current Beta Squid 3.1.0.13
>
Received on Tue Sep 01 2009 - 13:25:42 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 01 2009 - 12:00:05 MDT