Re: Re: [squid-users] External_acl_type Problem

From: Kalil Costa - Brasilsite <kalil_at_brasilsite.com.br>
Date: Fri, 21 Jan 2011 18:25:43 -0200 (BRST)

So... I solved it.

Erase all of squid.conf and create it again with these lines.

acl AuthorizedUsers proxy_auth REQUIRED

external_acl_type nt_group %LOGIN /usr/lib/squid/wbinfo_group.pl

acl dpto external nt_group finance

http_access allow dpto

http_access allow AuthorizedUsers

So... Amos Jeffries was right... thanks for the help and sorry for my inattention.

Thanks again...

--kalz---

> -------- Original message --------
> Subject: Re: [squid-users] External_acl_type Problem
> Date: Sat, 22 Jan 2011 03:07:56 +1300
> From: Amos Jeffries
> To: squid-users_at_squid-cache.org
>
> On 22/01/11 01:38, Kalil Costa - Brasilsite wrote:
> > Hi all,
> >
> > I have a problem with not working external_acl_type
> >
> > Integrated the AD 2003 using squid with ntlm, samba, winbind, works fine.
> > Logs in access.log ok, user navigates normal, but when I configure
> > squid.conf using external_acl_type nothing happens.
>
> Your problem is not related to external_acl_type. The order of your
> directives does not match what you are wanting to happen.
>
> > My settings squid.conf
> >
> > -----
> >
> > http_port 3128
> >
> > cache_mem 12 MB
> > maximum_object_size_in_memory 64 KB
> > maximum_object_size 512 MB
> > minimum_object_size 0 KB
> > cache_swap_low 90
> > cache_swap_high 95
> > cache_dir ufs /var/spool/squid 2048 16 256
> > cache_access_log /var/log/squid/access.log
> > refresh_pattern ^ftp: 15 20% 2280
> > refresh_pattern ^gopher: 15 0% 2280
>
> Add: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>
> > refresh_pattern . 15 20% 2280
> >
> > hierarchy_stoplist cgi-bin ?
> > acl QUERY urlpath_regex cgi-bin \?
> > no_cache deny QUERY
>
> If you have a Squid newer than 2.6 remove the above three lines.
>
> > auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> > auth_param ntlm children 30
> >
> > auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> > auth_param basic children 5
> > auth_param basic realm Squid proxy-caching web server
> > auth_param basic credentialsttl 2 hours
> >
> > #debug_options ALL,1 82,9 84,9
> >
> > #acl all src 0.0.0.0/24
> >
> > acl AuthorizedUsers proxy_auth REQUIRED
> > http_access allow AuthorizedUsers
>
> At this point anyone who can login is allowed immediately.
>
> > external_acl_type nt_group %LOGIN /usr/lib/squid/wbinfo_group.pl
> >
> > acl dpto external nt_group finance
> > http_access deny dpto
>
> This group restriction needs to be above "allow AuthorizedUsers" to work.
> When two criteria overlap, the most specific needs to be tested first.
> In this case the details user+password+group is more specific than just
> user+password.
>
> Amos
> --
> Please be using
>   Current Stable Squid 2.7.STABLE9 or 3.1.10
>   Beta testers wanted for 3.2.0.4
Received on Fri Jan 21 2011 - 20:35:59 MST
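
Added example (not part of the thread and not Squid code): a small Python model of the first-match http_access evaluation discussed above, run over the original rule order, the specific-first order, and the order used in the reply. User names and group memberships are constructed, the ACL checks are simplified stand-ins for proxy_auth and wbinfo_group.pl, only already-authenticated users are modelled, and the fall-through default goes one step beyond what the thread covers.

```python
# Model of Squid http_access evaluation: rules are checked top to bottom and
# the first rule whose ACLs all match decides the request.

# Constructed sample users (not from the thread): user name -> AD groups.
USERS = {"alice": {"finance"}, "bob": {"sales"}}

# ACL names come from the thread's squid.conf. The matching logic is an
# assumption: a simplified stand-in for proxy_auth and wbinfo_group.pl.
ACLS = {
    "AuthorizedUsers": lambda user: user in USERS,
    "dpto": lambda user: "finance" in USERS.get(user, set()),
}

def evaluate(rules, user):
    """Return (action, index of the deciding rule, or None for the default)."""
    for index, (action, acl_names) in enumerate(rules):
        # ACLs listed on one http_access line are ANDed together.
        if all(ACLS[name](user) for name in acl_names):
            return action, index
    # Nothing matched: Squid applies the opposite of the last rule's action.
    last_action = rules[-1][0]
    return ("deny" if last_action == "allow" else "allow"), None

# Rule orders taken from the thread.
ORIGINAL = [("allow", ["AuthorizedUsers"]), ("deny", ["dpto"])]
SPECIFIC_FIRST = [("deny", ["dpto"]), ("allow", ["AuthorizedUsers"])]
REPLY = [("allow", ["dpto"]), ("allow", ["AuthorizedUsers"])]

def report():
    """Evaluate every sample user against every rule order."""
    rows = []
    for label, rules in (("original", ORIGINAL),
                         ("specific first", SPECIFIC_FIRST),
                         ("reply", REPLY)):
        for user in sorted(USERS):
            action, index = evaluate(rules, user)
            rows.append((label, user, action, index))
    return rows

if __name__ == "__main__":
    for label, user, action, index in report():
        decided = "default" if index is None else f"rule {index}"
        print(f"{label:15} {user:6} -> {action:5} ({decided})")
```

In the original order the finance rule is never reached because rule 0 already matches every authenticated user; with the orders modelled here, only the specific-first order produces a different outcome for the finance group than for everyone else.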

This archive was generated by hypermail 2.2.0 : Sat Jan 22 2011 - 12:00:04 MST