Have you also configured authentication? (auth_param ...) The group helpers are only responsible for verifying group membership, and relies on the authentication helper(s) to first verify the username and password.
Regards Henrik m�n 2003-02-17 klockan 06.11 skrev Simon Bryan: > Hi all, > I have sorted out most of my winbind problems at least at Samba - command > line level. However I still cannot get Squid to recognise the groups. The > relevant kines from my Squid.conf file are below. > Note that wbinfo -u returns the users, wbinfo -g returns the groups from the > domain, if I feed a correct domain+username groupname to wb_group it returns > 'OK' or 'ERR' as the case may be. > Is there anything wrong in my conf file that is obvious, or can I not do > this yet? > > Using SQUID snapshot from 13th Feb 03 > > *************************************************************************** > external_acl_type wb_group %LOGIN /usr/local/squid/libexec/wb_group > acl winauth external wb_group wwwusers > acl staff external wb_group Teachers > acl students external wb_group Students > authenticate_ttl 1 hour > authenticate_ip_ttl 300 seconds > > > #a list of webmail domains from Dansguardian > acl webmail dstdomain "/etc/dansguardian/blacklists/mail/domains" > > #some regex expressions that used to work OK with IP based acls > acl webmail2 urlpath_regex "/usr/local/squid/acls/webmailregex" > > acl password proxy_auth REQUIRED > > #using this as a test, if I make it a http_access deny TEST all it works > acl TEST dstdomain .passport.com > > > http_access deny redworm > http_access deny FTPDownloads PUT > http_access deny banned-url > http_access allow manager localhost > http_access deny manager > http_access deny CONNECT !SSL_ports > http_access allow CONNECT SSL_ports > http_access deny !Safe_ports > http_access deny to_localhost > http_access deny all !password > http_access deny students TEST > http_access deny students webmail webmail2 > http_access allow local_servers > http_access allow FTPDownloads > http_access allow our_networks > http_access allow olmcwarnings > > #And finally deny all other access to this proxy > http_access allow all > **************************************************************************** > ************** > _________________________________________ > Simon Bryan > IT Manager > OLMC Parramata > ICQ#: 137562751 > _________________________________________ -- Henrik Nordstrom <[EMAIL PROTECTED]> MARA Systems AB, Sweden
