I think you have your ACL's wrong. That said I haven't tried it with multiple groups as you have. I use a file located on the file system to list my groups that I want to allow internet access to.
I use an external file for listing the groups as you cannot list groups in squid.conf if they have a space in them (Domain Users for example) Below are the relevant excerpts from my squid.conf: ====snip========== external_acl_type NTGroups %LOGIN /usr/lib/squid/wb_group acl InternetUsers external NTGroups "/etc/squid/ntgroups-access" acl AuthorizedUsers proxy_auth REQUIRED http_access allow AuthorizedUsers InternetUsers http_access deny all =====end snip===== where ntgroups-access contains: Domain Users Administrators **Note Make sure there is no blank line after the last listed NT group in the access file. Otherwise it doesn't work. Regards Jay > -----Original Message----- > From: Simon Bryan [mailto:[EMAIL PROTECTED] > Sent: Monday, 4 August 2003 11:20 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: RE: [squid-users] wb_group > > > Jay Turner said: > > You need to supply the account name and the group to the > wb_group helper. > > > > OK will be returned if the user provided is in the group provided. > > > > ie DOMAIN\\username "Domain Users" > > > > See if that helps > > > Yes it works from the command line OK with that syntax. Does Squid do that > automatically? If not how do you configure the acl? I have the > following at the > moment: > > acl winauth external wb_group wwwusers > acl banned external wb_group banned > acl staff external wb_group Teachers > acl students external wb_group Students > > > > > > Regards > > Jay > > > >> -----Original Message----- > >> From: Simon Bryan [mailto:[EMAIL PROTECTED] > >> Sent: Monday, 4 August 2003 9:13 AM > >> To: [EMAIL PROTECTED] > >> Subject: [squid-users] wb_group > >> > >> > >> Hi all, > >> I am working my way through why the delay_pools do not work for > >> me, I suspected > >> winbind and have been rebuilding everything. I have an issue with > >> wb_group that I > >> can't resolve. If I use wb_group -d and enter a valid username I > >> get a list of > >> groups as below: > >> > >> student > >> /wb_group[22779](wb_check_group.c:343): Got 'student' from Squid > >> (length: 7). > >> /wb_group[22779](wb_check_group.c:237): > >> SID:S-1-5-21-8915387-1576539265-1404200075-513 > >> /wb_group[22779](wb_check_group.c:237): > >> SID:S-1-5-21-8915387-1576539265-1404200075-3041 > >> /wb_group[22779](wb_check_group.c:237): > >> SID:S-1-5-21-8915387-1576539265-1404200075-3530 > >> ERR > >> > >> However it always terminates with an ERR which seems to me what > >> it must be sending > >> to Squid so the users never fall into a group. > >> I am using the Squid snapshot from 3rd August and Samba 2.2.8a, I > >> have copied over > >> the winbindd_nss.h file over the top of the Squid. > >> > >> Squid -v gives: > >> Squid Cache: Version 2.5.STABLE3-20030803 > >> configure options: --enable-delay-pools --enable-auth=ntlm,basic > >> --enable-basic-auth-helpers=winbind --enable-ntlm-helpers=winbind > >> > >> > >> wb_info gives all the right answers. > >> > >> Any clues appreciated. > >> > >> > >> As a second question, when using wb_group in an acl do you use > >> the NT group name eg > >> 'teachers' or the SID number as given by wb_group on the command line? > >> > >> Cheers, > >> > >> ____________________ > >> Simon Bryan > >> IT Manager > >> OLMC Parramatta > >> > >> > > > > > ____________________ > Simon Bryan > IT Manager > OLMC Parramatta > >