You'll need to edit your samba config file for your particular domain, start winbindd, and add the following to your squid.conf:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 20 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 30 minutes auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Web Proxy auth_param basic credentialsttl 2 hours external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/wbinfo_group.pl acl winbind proxy_auth REQUIRED acl internetusers external nt_group internet http_access allow internetusers http_access deny all The above also contains the additional requirement that users must be in the Windows "internet" group. If you don't need this then you can remove the internetusers acl and the wbinfo_group.pl line. Then change http_access to allow winbind. ~Matt On Wed, 3 Nov 2004 22:45:49 -0000, John <[EMAIL PROTECTED]> wrote: > Hi > > My site is moving away from LDAP to Active Directory for authentication > for our internet users going through the Squid proxy server. In order to get > squid to talk to active > directory for user authentication, it is also a requirement to set up, > configure and run samba? I had hoped that switching to active directory > would just mean tweaking the existing LDAP auth_param directive. > > Regards > > John > > -- Get Firefox! http://www.mozilla.org/products/firefox/
