Aha. I needed to use this:

external_acl_type NT_global_group %LOGIN /usr/local/libexec/squid/wbinfo_group.pl

Well that's one step further, but now it allows everyone to access the proxy even if 
they aren't in the allowed groups.

external_acl_type NT_global_group %LOGIN /usr/local/libexec/squid/wbinfo_group.pl

# Use the group
acl AllowedNTUsers external NT_global_group "/usr/local/etc/squid/acls/allowedntgroups"
acl LoggedInUsers proxy_auth REQUIRED

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow AllowedNTUsers
http_access allow LoggedInUsers
http_access deny !AllowedNTUsers
http_access deny !LoggedInUsers


Slowly getting somewhere.

Does this allow all from the AllowedNTUsers file and also all logged in users?
How do I make it that they have to be 
A: Logged into the ADS
and
B: In particular groups

instead of A: OR B:

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
g]On Behalf Of Jason Oakley
Sent: Thursday, 28 October 2004 10:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [squid-users] Authing to ADS NT Groups in a file


Okay. I forgot this:
# Define the group
external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wb_group

Now I can start squid.

I am in group "ITDepartment"
which I put in the "allowedntgroups" file

but it still denies me access.


#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# Define the group
external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wb_group

# Use the group
acl AllowedNTUsers external NT_global_group "/usr/local/etc/squid/acls/allowedntgroups"
acl AuthorizedUsers proxy_auth REQUIRED


# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow AllowedNTUsers
http_access allow AuthorizedUsers
http_access deny !AllowedNTUsers
http_access deny !AuthorizedUsers

# And finally deny all other access to this proxy
http_access deny all


cat allowedntgroups
ITDepartment

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
g]On Behalf Of Jason Oakley
Sent: Thursday, 28 October 2004 9:06 AM
To: [EMAIL PROTECTED]
Subject: RE: [squid-users] Authing to ADS NT Groups in a file


According to the docs:
acl ProxyUsers external NT_global_group "/usr/local/squid/etc/DomainUsers"
and the DomainUsers files will contain only the following line:
"Domain Users"

I tried this:
acl AllowedNTUsers external NT_global_group "/usr/local/etc/squid/acls/allowedntgroups"
acl AuthorizedUsers proxy_auth REQUIRED

in allowedntgroups:
"IT Dept"
but I get this:

FATAL: Bungled squid.conf line 1840: acl AllowedNTUsers external NT_global_group 
"/usr/local/etc/squid/acls/allowedntgroups"
Squid Cache (Version 2.5.STABLE7): Terminated abnormally.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
g]On Behalf Of Jason Oakley
Sent: Thursday, 28 October 2004 8:47 AM
To: [EMAIL PROTECTED]
Subject: [squid-users] Authing to ADS NT Groups in a file


I have Squid authing to ADS via Samba and I need to add certain groups to have access.

It's something like this:
acl unrestrictedusers external nt_group "/usr/local/etc/squid/acls/allowedntgroups"

but that doesn't work.
Of course, being NT groups, they have spaces in the names, e.g. "IT Dept", so a file
(allowedntgroups) to list the groups would be preferable.

What am I doing wrong?

TIA
--------------
Jason Oakley
Robina Helpdesk
AAPT Limited
Ph: 07 5562 4359

[EMAIL PROTECTED]


------------------------------------------------------------------------------
This communication, including any attachments, is confidential. If 
 you are not the intended recipient, you should not read it - please 
 contact me immediately, destroy it, and do not copy or use any part of 
 this communication or disclose anything about it.

------------------------------------------------------------------------------
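
Added example, not part of the original posts and not Squid's own code: a small Python model of how Squid evaluates http_access lines, showing why the rule order posted above admits every logged-in user and how putting both ACLs on one allow line requires login AND group membership. The user names, the "Sales" group and the BOTH_REQUIRED rule set are constructed for illustration; BOTH_REQUIRED corresponds to "http_access allow LoggedInUsers AllowedNTUsers" followed by "http_access deny all".

```python
# Added example: toy model of Squid http_access ordering (not Squid source code).
# Lines are read top to bottom; the first line whose ACLs ALL match decides.
ALLOWED_GROUPS = {"ITDepartment"}          # contents of allowedntgroups on the page

def acl_matches(name, user):
    """Evaluate one ACL name, optionally negated with '!', for one user."""
    base = name.lstrip("!")
    if base == "all":
        hit = True
    elif base == "LoggedInUsers":          # acl ... proxy_auth REQUIRED
        hit = user["authenticated"]
    elif base == "AllowedNTUsers":         # acl ... external NT_global_group
        hit = user["authenticated"] and bool(user["groups"] & ALLOWED_GROUPS)
    else:
        raise ValueError("unknown ACL: " + base)
    return hit != name.startswith("!")

def http_access(rules, user):
    """Return 'allow' or 'deny' using first-match evaluation."""
    for action, acls in rules:
        if all(acl_matches(a, user) for a in acls):   # ACLs on one line are ANDed
            return action
    # Nothing matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Rule order as posted: separate allow lines act as A OR B.
POSTED = [("allow", ["AllowedNTUsers"]), ("allow", ["LoggedInUsers"]),
          ("deny", ["!AllowedNTUsers"]), ("deny", ["!LoggedInUsers"]),
          ("deny", ["all"])]
# Both ACLs on one allow line act as A AND B.
BOTH_REQUIRED = [("allow", ["LoggedInUsers", "AllowedNTUsers"]), ("deny", ["all"])]

# Constructed users. Simplification: a request without credentials is treated
# as "ACL does not match" rather than triggering Squid's 407 challenge.
USERS = {
    "it_staff":  {"authenticated": True,  "groups": {"ITDepartment"}},
    "other":     {"authenticated": True,  "groups": {"Sales"}},
    "anonymous": {"authenticated": False, "groups": set()},
}

def decisions(rules):
    return {name: http_access(rules, u) for name, u in USERS.items()}

if __name__ == "__main__":
    print("posted:       ", decisions(POSTED))
    print("both required:", decisions(BOTH_REQUIRED))
```

In the posted order the second allow line matches any authenticated user before the deny lines are reached, so the deny lines never restrict anyone who has logged in.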

