Normally Windows users have spaces in their usernames. I once tried this setup, leaving the group auth part; all works fine, but the users with spaces were not handled by squid. Can you help?

--- newsgroupie <[EMAIL PROTECTED]> wrote:
> As a follow up, I may have missed one fine detail, so here is a
> correction.
> To make all this work you will also need to configure PAM to work with
> Winbind for Authentication. Sorry for missing this step. D'oh!
>
> You will need to add the following to your /etc/pam.d/login file. Mine
> looks exactly like this:
>
> #%PAM-1.0
> #
> #Winbind config
> auth required /lib/security/pam_securetty.so
> auth sufficient /lib/security/pam_winbind.so
> auth sufficient /lib/security/pam_unix.so use_first_pass
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_winbind.so
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_console.so
>
> I'm pretty sure that's it this time..... :-)
>
> -----Original Message-----
> From: newsgroupie [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 9 September 2004 2:23 PM
> To: [EMAIL PROTECTED]
> Subject: [squid-users] Integate squid and linux with Win 2003 AD in 10 steps
>
> Hi,
>
> I hope this post can be the be all and end all for those needing to use
> true "STABLE" squid code suitable for production use. Because I see this
> kind of question on lists so often, I would like to offer my
> assistance.
>
> The following is a known good and very heavily tested solution I have
> had working for about 2 years that has never missed a beat with over 400
> users. This solution will work in Win2000k AD, Win2003 AD in either non
> native or native modes. (Also even NT4 too)
>
> My instructions assume Red hat 7.3 and a reasonable bit of Linux/squid
> knowledge.
> I apologize if this documentation is not perfect but for
> those out there with more than a clue you should be able to follow this
> guide and fill in any small blanks I may have missed. For many, the
> most helpful bits might be the extras you must add to both the
> squid.conf and Samba.conf files to make it all come together.
> Of course you will have to adjust these where appropriate for your
> distro.
>
> ****************************************************************************
>
> STEP ONE
>
> Copy Samba 2.2.8a source tarball to /usr/src/redhat/SOURCES
>
>
> STEP TWO
>
> Compile the squid 2.5 Stable 3 Source with the following options in the
> squid.spec file. This will configure and build Squid to include the
> winbind helpers from Samba into itself.
>
> --exec_prefix=/usr --bindir=/usr/sbin --libexecdir=/usr/lib/squid \
> --localstatedir=/var --sysconfdir=/etc/squid \
> --enable-poll --enable-snmp --enable-removal-policies="heap,lru" \
> --enable-storeio="aufs,coss,diskd,ufs" --enable-ssl \
> --with-openssl=/usr/kerberos \
> --enable-delay-pools --enable-linux-netfilter \
> --with-pthreads \
> --with-samba-source=/usr/src/redhat/SOURCES \
> --enable-auth="ntlm,basic" \
> --enable-basic-auth-helpers="winbind,LDAP,NCSA,PAM,SMB,SASL,MSNT" \
> --enable-ntlm-auth-helpers="SMB,winbind" \
> --enable-external-acl-helpers="ip_user,ldap_group,unix_group,wbinfo_group,winbind_group" \
>
>
> STEP THREE
>
> Build SAMBA 2.2.8a from Source RPM using the following entries in spec
> file.
> This will configure Samba in a fairly generic Red Hat way but will
> also include the Winbind helpers and the LDAP hack required to allow
> Samba to talk to 2000/2003 Native mode AD
>
> --prefix=%{prefix} \
> --localstatedir=/var \
> --with-configdir=/etc/samba \
> --with-privatedir=/etc/samba \
> --with-codepagedir=/etc/codepages \
> --with-fhs \
> --with-quotas \
> --with-msdfs \
> --with-smbmount \
> --with-pam \
> --with-winbind \
> --with-winbind-auth-challenge \
> --with-winbind-ldap-hack \
> --with-pam-winbind \
> --with-pam_smbpass \
> --with-syslog \
> --with-utmp \
> --with-sambabook=%{prefix}/share/swat/using_samba \
> --with-swatdir=%{prefix}/share/swat \
> --with-libsmbclient
>
>
> STEP FOUR
>
> Install Both the Squid and Samba RPM binaries
>
>
> STEP FIVE
>
> Change the following lines in your /etc/nsswitch.conf file to:
>
> passwd: files winbind
> shadow: files
> group: files winbind
>
>
> STEP SIX
>
> Configure at least the following lines in your Samba.conf
>
> [global]
>
> # workgroup = NT-Domain-Name or Workgroup-Name
> workgroup = YOUR-NETBIOS-DOMAIN-NAME
>
> # server string is the equivalent of the NT Description field
> server string = Linux Proxy Server
>
> # separate domain and username with '+', like DOMAIN+username
> winbind separator = \\
> # use uids from 10000 to 20000 for domain users
> winbind uid = 10000-20000
> # use gids from 10000 to 20000 for domain groups
> winbind gid = 10000-20000
> # allow enumeration of winbind users and groups
> # might need to disable these next two for performance
> # reasons on the winbindd host
> winbind enum users = yes
> winbind enum groups = yes
> # give winbind users a real shell (only needed if they have
> # telnet/sshd/etc... access)
> #template homedir = /home/winnt/%D/%U
> template homedir = /home/winnt
> template shell = /bin/bash
> netbios name = PROXY
>
=== message truncated ===

=====
Regards,
Mohsin Khan
CCNA ( Cisco Certified Network Associate 2.0 )
http://forum.aaghaz.net
>>>Happy is the one who can smile<<<
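The /etc/pam.d/login stack quoted above puts `sufficient` pam_winbind.so ahead of `required` entries such as pam_nologin.so, and under Linux-PAM a `sufficient` module that succeeds (with no earlier `required` failure) ends processing for that type at once. The following is an added example, not part of either message: it parses that stack (retyped here as sample input; the function names are illustrative) and lists the `required` entries a successful winbind login never reaches.

```python
# Added example: list PAM entries that a successful "sufficient" module skips.

# Sample input: the /etc/pam.d/login stack from the quoted message, retyped.
PAM_LOGIN = """\
#%PAM-1.0
#
#Winbind config
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
"""

def parse_stack(text):
    """Return (type, control, module, args) tuples; comments and blanks dropped."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3:
            module = fields[2].rsplit("/", 1)[-1]  # basename of the module path
            entries.append((fields[0], fields[1], module, fields[3:]))
    return entries

def skipped_after_sufficient(entries):
    """Return (type, sufficient_module, skipped_module) for every required or
    requisite entry placed after the first 'sufficient' entry of the same type."""
    findings = []
    first_sufficient = {}  # management type -> first sufficient module seen
    for mtype, control, module, _args in entries:
        if control == "sufficient":
            first_sufficient.setdefault(mtype, module)
        elif mtype in first_sufficient and control in ("required", "requisite"):
            findings.append((mtype, first_sufficient[mtype], module))
    return findings

if __name__ == "__main__":
    for mtype, suff, skipped in skipped_after_sufficient(parse_stack(PAM_LOGIN)):
        print(f"{mtype}: {skipped} is not run when {suff} succeeds")
```

Moving `required` checks such as pam_nologin.so above the first `sufficient` line makes them apply to domain logins as well.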
