Samba will need to be installed, but you only need to run the winbindd process which doesn't actually listen on a TCP/UDP port, but is called by Squid using a Unix pipe.

On Thu, 4 Nov 2004 01:46:40 -0000, John <[EMAIL PROTECTED]> wrote:
> Hi Matt,
>
> Thanks for the reply. Does this mean that I need to set up and run samba
> server on the squid box? My company security team are against running samba
> as they consider samba to be inherently insecure. Is there a way to run
> squid with Active Directory for authentication without having to include
> samba?
>
> Thanks & regards
>
> John
>
>
> ----- Original Message -----
> From: "Matt Alexander" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, November 04, 2004 12:03 AM
> Subject: Re: [squid-users] Squid and Active Directory
>
>
> > You'll need to edit your samba config file for your particular domain,
> > start winbindd, and add the following to your squid.conf:
> >
> > auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> > auth_param ntlm children 20
> > auth_param ntlm max_challenge_reuses 0
> > auth_param ntlm max_challenge_lifetime 30 minutes
> > auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> > auth_param basic children 5
> > auth_param basic realm Web Proxy
> > auth_param basic credentialsttl 2 hours
> > external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/wbinfo_group.pl
> > acl winbind proxy_auth REQUIRED
> > acl internetusers external nt_group internet
> > http_access allow internetusers
> > http_access deny all
> >
> > The above also contains the additional requirement that users must be
> > in the Windows "internet" group. If you don't need this then you can
> > remove the internetusers acl and the wbinfo_group.pl line. Then
> > change http_access to allow winbind.
> > ~Matt
> >
> >
> > On Wed, 3 Nov 2004 22:45:49 -0000, John <[EMAIL PROTECTED]> wrote:
> >> Hi
> >>
> >> My site is moving away from LDAP to Active Directory for authentication
> >> for our internet users going through the Squid proxy server. In order to
> >> get squid to talk to active directory for user authentication, it is also
> >> a requirement to set up, configure and run samba? I had hoped that
> >> switching to active directory would just mean tweaking the existing LDAP
> >> auth_param directive.
> >>
> >> Regards
> >>
> >> John
> >>
> >>
> >
> >
> > --
> > Get Firefox!
> > http://www.mozilla.org/products/firefox/
>
>

--
Get Firefox!
http://www.mozilla.org/products/firefox/
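
An added example, not part of the original thread and not Squid's or Samba's own code: a Python version of the exchange between Squid and a group-check helper like the external_acl_type line in the quoted config, answering ERR on malformed input or a failed lookup. The function names, the EXAMPLE domain and the sample users are constructed, and URL-escaped input fields are an assumption about how Squid passes %LOGIN.

```python
import subprocess
import sys
from urllib.parse import unquote


def wbinfo(*args):
    """Ask winbindd (over its Unix pipe) via wbinfo; return stdout or None."""
    try:
        out = subprocess.run(["wbinfo", *args], capture_output=True,
                             text=True, timeout=5, check=True)  # no shell
    except (OSError, subprocess.SubprocessError):
        return None
    return out.stdout.strip()


def winbind_member(user, group):
    """True only if winbindd reports that `user` belongs to `group`."""
    sid = wbinfo("-n", group)                    # group name -> SID (+ type)
    gid = wbinfo("-Y", sid.split()[0]) if sid else None   # SID -> gid
    gids = wbinfo("-r", user)                    # gids the user belongs to
    return bool(gid and gids and gid in gids.split())


def answer(line, is_member=winbind_member):
    """Map one Squid request line ("<login> <group> ...") to "OK" or "ERR"."""
    fields = [unquote(f) for f in line.split()]  # assumption: URL-escaped
    if len(fields) < 2:
        return "ERR"                             # malformed: fail closed
    user, groups = fields[0], fields[1:]
    try:
        return "OK" if any(is_member(user, g) for g in groups) else "ERR"
    except Exception:
        return "ERR"                             # lookup failure: fail closed


# Constructed sample directory, used only by demo() so it runs offline.
SAMPLE = {"EXAMPLE\\alice": {"internet"}, "EXAMPLE\\bob": {"staff"}}


def demo():
    lookup = lambda u, g: g in SAMPLE.get(u, set())
    reqs = ["EXAMPLE%5Calice internet", "EXAMPLE%5Cbob internet", "alice", ""]
    return [answer(r, lookup) for r in reqs]


if __name__ == "__main__":
    for request in sys.stdin:                    # one request per line
        print(answer(request), flush=True)       # unbuffered reply to Squid
```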
