Hi Matt,
Thanks for the reply. Does this mean that I need to set up and run samba server on the squid box? My company security team are against running samba as they consider samba to be inherently insecure. Is there a way to run squid with Active Directory for authentication without having to include samba?
Thanks & regards
John
----- Original Message ----- From: "Matt Alexander" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 04, 2004 12:03 AM
Subject: Re: [squid-users] Squid and Active Directory
You'll need to edit your samba config file for your particular domain, start winbindd, and add the following to your squid.conf:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 30 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Web Proxy
auth_param basic credentialsttl 2 hours
external_acl_type nt_group ttl=0 concurrency=5 %LOGIN
/usr/lib/squid/wbinfo_group.pl
acl winbind proxy_auth REQUIRED
acl internetusers external nt_group internet
http_access allow internetusers
http_access deny all
The above also contains the additional requirement that users must be in the Windows "internet" group. If you don't need this then you can remove the internetusers acl and the wbinfo_group.pl line. Then change http_access to allow winbind. ~Matt
On Wed, 3 Nov 2004 22:45:49 -0000, John <[EMAIL PROTECTED]> wrote:Hi
My site is moving away from LDAP to Active Directory for authentication
for our internet users going through the Squid proxy server. In order to get
squid to talk to active
directory for user authentication, it is also a requirement to set up,
configure and run samba? I had hoped that switching to active directory
would just mean tweaking the existing LDAP auth_param directive.
Regards
John
--
Get Firefox!
http://www.mozilla.org/products/firefox/
