yes, I have the following: auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth auth_param ntlm children 20 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minute
auth_param basic program /usr/local/bin/smb_auth -W OLMC_CD -U 10.192.0.11 auth_param basic children 5 auth_param basic realm Poxy server at OLMC auth_param basic credentialsttl 1 hour and from below: authenticate_ttl 1 hour acl password proxy_auth REQUIRED http_access deny all !password and the logs show the username as domain\username I take it that this should work then? > -----Original Message----- > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]] > Sent: Tue, 18. February 2003 2:06 AM > To: [EMAIL PROTECTED] > Cc: Squid-Users > Subject: Re: [squid-users] Winbind and Windows groups > > > Have you also configured authentication? (auth_param ...) > > The group helpers are only responsible for verifying group membership, > and relies on the authentication helper(s) to first verify the username > and password. > > Regards > Henrik > > m�n 2003-02-17 klockan 06.11 skrev Simon Bryan: > > Hi all, > > I have sorted out most of my winbind problems at least at Samba > - command > > line level. However I still cannot get Squid to recognise the > groups. The > > relevant kines from my Squid.conf file are below. > > Note that wbinfo -u returns the users, wbinfo -g returns the > groups from the > > domain, if I feed a correct domain+username groupname to > wb_group it returns > > 'OK' or 'ERR' as the case may be. > > Is there anything wrong in my conf file that is obvious, or can I not do > > this yet? > > > > Using SQUID snapshot from 13th Feb 03 > > > > > ****************************************************************** > ********* > > external_acl_type wb_group %LOGIN /usr/local/squid/libexec/wb_group > > acl winauth external wb_group wwwusers > > acl staff external wb_group Teachers > > acl students external wb_group Students > > authenticate_ttl 1 hour > > authenticate_ip_ttl 300 seconds > > > > > > #a list of webmail domains from Dansguardian > > acl webmail dstdomain "/etc/dansguardian/blacklists/mail/domains" > > > > #some regex expressions that used to work OK with IP based acls > > acl webmail2 urlpath_regex "/usr/local/squid/acls/webmailregex" > > > > acl password proxy_auth REQUIRED > > > > #using this as a test, if I make it a http_access deny TEST all it works > > acl TEST dstdomain .passport.com > > > > > > http_access deny redworm > > http_access deny FTPDownloads PUT > > http_access deny banned-url > > http_access allow manager localhost > > http_access deny manager > > http_access deny CONNECT !SSL_ports > > http_access allow CONNECT SSL_ports > > http_access deny !Safe_ports > > http_access deny to_localhost > > http_access deny all !password > > http_access deny students TEST > > http_access deny students webmail webmail2 > > http_access allow local_servers > > http_access allow FTPDownloads > > http_access allow our_networks > > http_access allow olmcwarnings > > > > #And finally deny all other access to this proxy > > http_access allow all > > > ****************************************************************** > ********** > > ************** > > _________________________________________ > > Simon Bryan > > IT Manager > > OLMC Parramata > > ICQ#: 137562751 > > _________________________________________ > -- > Henrik Nordstrom <[EMAIL PROTECTED]> > MARA Systems AB, Sweden
