Dear all, can anybody give me the ip_wccp v2 patch for kernel 2.4.19?
Regards
Sukhjit Singh
Network Administrator
Emmsons Infotech Ltd.
SCO 13-14-15, Sec 34A, Chandigarh-160 022
(Ph): +91 172 606664
Mobile 9815228132
[EMAIL PROTECTED]
http://www.emmtel.com

----- Original Message -----
From: "Gavin Hamill" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 01, 2003 4:12 PM
Subject: Re: [squid-users] NTLM questions (sorry)

> > Gavin,
> > I know how you feel I battled with winbind and these problems for ages and
> > finally it all worked. Below is the relevant parts of my squid.conf.
>
> I'm /almost/ there :) winbindd now seems to work fine, and I can
> successfully limit squid access only to those who authenticate using NTLM...
> those currently logged into the domain see no pop-up password prompt, and
> those roaming can just tap in their on-site user/password/domain into the
> box...
>
> However, the grail is to achieve two things:
>
> 1) Members of the 'Domain Admins' group are allowed proxy access to any
> site, at any time of day
> 2) All other authenticated users are only permitted to use a set list of
> websites during office hours.
>
> At present, if I reference anything relating to NT groups, I just get
> 'Access Denied' from squid..
>
> Here's my entire squid.conf for 2.5.STABLE2, verbatim:
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> hierarchy_stoplist cgi-bin ?
>
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
>
> auth_param ntlm program /usr/lib/squid/wb_ntlmauth
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
>
> external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group
> acl domainadmins external NT_global_group "Domain Admins"
>
> acl domainmember proxy_auth REQUIRED
>
> acl localhost src 127.0.0.1/255.255.255.255
>
> acl lan src 80.76.192.0/255.255.255.0
>
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 # https
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl purge method PURGE
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> acl morning time MTWHF 09:00-12:59
> acl afternoon time MTWHF 14:00-16:59
> acl whitelist dstdomain "/etc/squid.whitelist"
>
> http_access allow localhost
>
> # admins should get full access, whenever, wherever.
> http_access allow domainmember domainadmins
>
> # non-admins can only look at certain sites during office hours ...
> http_access deny domainmember morning !whitelist
> http_access deny domainmember afternoon !whitelist
> # ... and all sites outside office hours.
> http_access allow domainmember
>
> # non-auth'd users get nada
> http_access deny all
>
> http_reply_access allow all
>
> icp_access allow all
> coredump_dir /var/spool/squid
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> As it stands, this config does not work as I want because members of 'Domain
> Admins' group are assigned the same privileges as normal NTLM-auth'd users.
> I don't understand this, because:
>
> wintermute:~# /usr/lib/squid/wb_group
> floss "Domain Admins"
> OK
>
> I've also tried surrounding the Domain Admins group name with single and
> double-quoted in squid.conf, but this has made no difference
>
> As always, I'm interested in suggestions :)
>
> Cheers,
> Gavin.
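
Added example, not part of the original thread and not Squid code: a simplified Python model of first-match http_access evaluation, using the rule order from the quoted squid.conf, to show which line decides a request depending on whether the domainadmins ACL matches. Assumptions: every ACL is reduced to a boolean supplied by the caller, the helper lookup and the 407 challenge that proxy_auth triggers are not modelled, and the function names and sample requests are constructed for illustration.

```python
# Simplified model of http_access evaluation (added example, not Squid code).
# A rule is (action, [ACL names]); "!" negates an ACL. All ACLs on a line must
# match (AND), and the first matching line decides the request.
RULES = [
    ("allow", ["manager", "localhost"]),
    ("deny",  ["manager"]),
    ("allow", ["purge", "localhost"]),
    ("deny",  ["purge"]),
    ("deny",  ["!Safe_ports"]),
    ("deny",  ["CONNECT", "!SSL_ports"]),
    ("allow", ["localhost"]),
    ("allow", ["domainmember", "domainadmins"]),
    ("deny",  ["domainmember", "morning", "!whitelist"]),
    ("deny",  ["domainmember", "afternoon", "!whitelist"]),
    ("allow", ["domainmember"]),
    ("deny",  ["all"]),
]

def acl_matches(name, facts):
    """True when the (possibly negated) ACL matches the request facts."""
    negated = name.startswith("!")
    return facts.get(name.lstrip("!"), False) != negated

def evaluate(facts, rules=RULES):
    """Return (action, rule_number) of the first rule whose ACLs all match."""
    for number, (action, acls) in enumerate(rules, start=1):
        if all(acl_matches(a, facts) for a in acls):
            return action, number
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None

def request(**overrides):
    """Constructed request: authenticated user, port 80, weekday morning,
    destination not in the whitelist. Keyword arguments override ACL results."""
    facts = {"all": True, "Safe_ports": True, "domainmember": True,
             "morning": True, "whitelist": False, "domainadmins": False}
    facts.update(overrides)
    return facts

if __name__ == "__main__":
    cases = {
        "admin, group ACL matches": request(domainadmins=True),
        "admin, group ACL does not match": request(domainadmins=False),
        "user, whitelisted site": request(whitelist=True),
        "user, outside office hours": request(morning=False),
        "unauthenticated": request(domainmember=False),
    }
    for label, facts in cases.items():
        print(f"{label:34} -> {evaluate(facts)}")
```

In this model an admin's request is decided by rule 8 when the domainadmins ACL matches and falls through to the whitelist rule 9 when it does not.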
