I am using winbindd authentication to allow people out to the internet, but I would like to block downloads except for a small group of those users. I would like to have this be another Domain group. When I add a second rule for external authentication (for the download group) I get a bunch of errors in the cache.log and squid dies. If I comment out the acl "http_reply_access allow password DownLoads_OK" then squid will load. Am I going in the right direction, or is there another way?
Sample config file. # Authentication programs section auth_param ntlm program /usr/lib/squid/wb_ntlmauth auth_param ntlm children 18 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes # This line is for checking group membership external_acl_type NT_global_group %LOGIN /usr/lib/squid/bofu_check_group external_acl_type Approved_Download %LOGIN /usr/lib/squid/bofu_check_download acl me src 192.168.0.2/32 # check against a domain group acl ProxyUsers external NT_global_group internet acl DownLoads_OK external Approved_Download internetdownloads acl password proxy_auth REQUIRED # block downloads acl DownLoads_Blocked rep_mime_type -i ^application/.+$ acl DownLoads_Blocked2 urlpath_regex -i \.cab$ # Rule enforcement http_access allow password ProxyUsers http_access deny all http_reply_access allow password DownLoads_OK http_reply_access deny me DownLoads_Blocked http_reply_access deny me DownLoads_Blocked2 http_reply_access allow all Error Messages when starting: (wb_ntlmauth)[17777](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17778](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17779](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17775](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=22 (Invalid argument) (wb_ntlmauth)[17780](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17782](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17781](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17789](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17783](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17784](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17785](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17776](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17786](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17787](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17788](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17790](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17791](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) (wb_ntlmauth)[17792](wb_ntlm_auth.c:273): fgets() failed! dying..... errno=0 (Success) Thanks for your help. Robert
