Hi all I have squid 2.5STABLE7 running along with samba 3.0.8 using NTLM auth. I have the folowing ACL's in my squid.conf:
------------------------------ external_acl_type nt_group %LOGIN /usr/lib/squid/wbinfo_group.pl # access control list acl QUERY urlpath_regex cgi-bin \? acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 acl Safe_ports port 21 70 80 210 280 443 563 488 554 1025-65535 acl CONNECT method CONNECT acl allowedurls dstdomain "/etc/squid/acls/allowedurls" acl blockcache url_regex -i "/etc/squid/acls/blockcache" acl Authenticated proxy_auth REQUIRED acl AllowedNTUsers external nt_group "/etc/squid/acls/allowedntgroups" # Deploy access control list http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow AllowedNTUsers #http_access deny all #icp_access deny all ------------------------------ I have a user named roland who is in the domain group "Domain Users", the winbindd log seams to see this and will auth the user against my domain, but I cannot acces any webpages. The folowing is taken from syslog/acces.log when trying to access ww.bbc.com ------------------------------ 2004/11/11 12:51:47| The request GET http://www.bbc.com/ is DENIED, because it matched 'AllowedNTUsers 1100173907.906 22 172.29.10.180 TCP_DENIED/403 1377 GET http://www.bbc.com/ roland NONE/- text/html ------------------------------ I do not understand this. I have "Domain Users" in "/etc/squid/acls/allowedntgroups" and windbind seams to work coretly. Can someone give me some input about this, perhaps an example on including domain groups such as "Domain Users" in squid. Thanks in advance.
