Okay. Seems to be working on my FreeBSD box. For anyone who wants to know in the future.. setting up Squid to Authenticate via Samba3 to Active Directory Services:
squid.conf.... auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours .... # Define the group external_acl_type NT_global_group %LOGIN /usr/local/libexec/squid/wbinfo_group.pl # Use the group acl AllowedNTUsers external NT_global_group "/usr/local/etc/squid/acls/allowedntgroups" acl LoggedInUsers proxy_auth REQUIRED # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS http_access allow AllowedNTUsers LoggedInUsers http_access deny !AllowedNTUsers http_access deny !LoggedInUsers # And finally deny all other access to this proxy http_access deny all Put the NT Groups to auth against into allowedntgroups: eg $ cat /usr/local/etc/squid/acls/allowedntgroups "ITDepartment" "IT Help Desk" ------------------------------------------------------------------------------ This communication, including any attachments, is confidential. If you are not the intended recipient, you should not read it - please contact me immediately, destroy it, and do not copy or use any part of this communication or disclose anything about it. ------------------------------------------------------------------------------
