[squid-users] Need help in integrating squid and samba

---------- Forwarded message ----------
From: Avinash Rao <avinash.aol_at_gmail.com>
Date: Tue, Sep 8, 2009 at 11:13 AM
Subject: Re: Fwd: [squid-users] Need help in integrating squid and samba
To: Amos Jeffries <squid3_at_treenet.co.nz>
Cc: Henrik Nordstrom <henrik_at_henriknordstrom.net>, squid-users_at_squid-cache.org

On Tue, Sep 1, 2009 at 4:10 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> Avinash Rao wrote:
>>
>> On 8/31/09, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>>>
>>> Avinash Rao wrote:
>>>
>>>>
>>>> On Mon, Aug 24, 2009 at 1:00 AM, Henrik Nordstrom
>>>
>>> <henrik_at_henriknordstrom.net
>>> <mailto:henrik_at_henriknordstrom.net>> wrote:
>>>>
>>>>   sön 2009-08-23 klockan 15:08 +0530 skrev Avinash Rao:
>>>>    > I couldn't find any document that shows me how to enable wb_info
>>>>   for squid.
>>>>    > Can anybody help me?
>>>>
>>>>   external_acl_type NT_Group %LOGIN
>>>>   /usr/local/squid/libexec/wbinfo_group.pl
>>>>
>>>>   acl group1 external NT_Group group1
>>>>
>>>>
>>>>   then use group1 whenever you want to match users belonging to that
>>>>   Windows group.
>>>>
>>>>   Regards
>>>>   Henrik
>>>>
>>>>
>>>> Hi Henrik,
>>>>
>>>> I have used the following in my squid.conf
>>>>
>>>> external_acl_type NT_Group %LOGIN /usr/lib/squid/wbinfo_group.pl acl
>>>
>>> group1 external NT_Group staff
>>>>
>>>> acl net time M T W T F S S 9:00-18:00
>>>> http_access allow net
>>>>
>>>> On my linux server, I have created a group called staff and made a couple
>>>
>>> of users a member of this group called staff. My intention is to provide
>>> access to users belonging to group staff on all days from morning 9am - 7PM.
>>> The rest should be denied.
>>>>
>>>> But this didn't work, when the Samba users login from a winxp client, it
>>>
>>> doesn't get access to internet at all.
>>> There is no http_access lien making any use of ACL "group1"
>>>
>>> And _everybody_ (me included on this side of the Internet) is allowed to use
>>> your proxy between 9am ad 6pm.
>>>
>>>
>>> Amos
>>> --
>>> Please be using
>>>  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>>  Current Beta Squid 3.1.0.13
>>>
>>
>>
>> Thanks for the reply, Ya i missed http_access allow group1
>> I didn't understand your second statement, are u telling me that i
>> should deny access to net?
>
> You should combine the ACL with others on an http_access line so that its limited to who it allows.
>
> This:
>  acl net time M T W T F S S 9:00-18:00
>  http_access allow net
>
> simply says "all requests are allowed between time X and Y".
> Without additional controls, ie on IP address making the request,  you end up with an open proxy.
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>  Current Beta Squid 3.1.0.13

Dear Amos,

I am still not able to get this working.  Here's what i want to
accomplish. I have WinXP - SP2 clients logging onto the samba domain
and LTSP users. All users use squid proxy. My intention is to control
the samba users from accessing the internet at certain times.

If i don't use the external_acl_type NT_Group as mentioned below, the
squid works properly for all users, even windows and anybody using
squid proxy.

external_acl_type NT_Group %LOGIN /usr/local/squid/libexec/
wbinfo_group.pl
acl group1 external NT_Group group1
I have created a group called staff using net rpc command and i am i
have made all the users using winxp a member of this group staff. So,
my acl will look like

external_acl_type NT_Group %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
acl acl_name external NT_Group staff
http_access allow staff

According to my understanding, it should allow only those samba users
which come under the group staff. But thats not happening, squid
denies access to the internet.
How do i get this working? Also, i want to be able to specify the time
of access for these users.

I am sorry if ths thread is dragging, i have come a long way after
learning to use squid.

Many Thanks for your support
Avinash
Received on Tue Sep 08 2009 - 05:44:11 MDT