With winbind you do not have a file with the users. wb_group is an external acl that gets the users on a group you define on your AD.
The basics to configure it is:
1) install and configure samba (note: it must be configure with security=domain, encrypt passwords=yes). The comands here are all for samba 2.2.8 ! samba 3.0 changes a lot of things...
2) type : man winbindd it gives you a complete way to install your winbind daemon. It is not necessary to configure PAM, but do not forget to copy the lib_nsswinbind.so (and the link) to /lib directory
3) test winbind:
-- first add your machine to the domain: smbpasswd -j DOMAIN -U user -r AD_MACHINE (the user must have access to create machine accounts).
-- second, set a user for winbind: wbinfo --set-auth-user DOMAIN\user%password
-- third, type: wbinfo -u (gives you all users from your AD), and wbinfo -g (gives you all groups from your AD), wbinfo -a DOMAIN\user%password (to test if it is able to authenticate a user).
4) with these working, time to compile squid. I used the folowing configuration options here:
./configure --with-async-io --enable-storeio=null,aufs,diskd --enable-removal-policies=heap,lru --enable-useragent-log --enable-referer-header --enable-icmp --enable-snmp --enable-cachemgr-hostname --enable-ssl --enable-default-err-language=Portuguese --enable-auth=basic,ntlm --enable-ntlm-auth-helpers=winbind --enable-basic-auth-helpers=winbind
5) install squid, go to /usr/local/squid/libexec
6) type : ./wb_auth -d it will say somethings and give you no prompt. Just type: DOMAIN\user password (with ONE Space!). If you typed a valid username/password, the last thing it prints is OK otherwise is ERR. This means your wb_auth/winbind is working perfectly.
7) For the wb_group, if you type wb_group -d , and then type DOMAIN\\user a_domain_group it will give you OK if that user is on that group.
If wb_group works, give you an OK for a valid username/group combination, it means that everything is OK with your system.
Then you must configure squid.conf to accept your wb_group. There is a nice readme on squid's src wb_group (on helpers/external_acl/winbind_group). Take a read on it, and contact me if you get some trouble...
Alex.
[EMAIL PROTECTED] wrote:
Hi Alex! I read all your postings. It seams that we both have the same problem. At my squid all is working except the wb_group. It always returns me an error. how did you configure squid (which version?) an how did you configure your samba? perhaps I can try it here to get it to work. I think my problem is to configure and to compile squid the right way. always when I use the rpms I can get a connection to the internet, but unfortunatly with the prompt. But if I use the source code, I can't get a connection. Don't know what I did wrong. In what file are user valid internet users stored? is it on the windows machine? what does it look like? Thanks and greetz, Tommy
Alex Carlos Braga Antão To: [EMAIL PROTECTED] <[EMAIL PROTECTED] cc: > Subject: Re: [squid-users] --> problem with wb_ntlmauth !
Adam, When I open the browser (IE) it asks me for username, password and Domain. I cannot find where the problem is, because winbind is working, wb_auth is working, wb_group is working... wb_ntlmauth should be working too... it could be a way to make wb_ntlmauth log more on squid logs....
Alex
Adam Aube wrote:
