Chris, this works great! One note to anyone trying it... if you have 'winbind separator = \' in your smb.conf, this works.. but it does matter. I banged my head on this for about 15 minutes and then change my auth-param line to read --require-membership-of="our_ad_domain+proxyusers_group".. because my winbind line is 'winbind separator = +'
Works great Chris, thanks again! ----- Original Message ---- From: chris brain <[EMAIL PROTECTED]> To: [email protected] Sent: Thursday, August 21, 2008 10:26:15 PM Subject: Re: [squid-users] if this is posted somewhere.. please tell me where to go... AD groups Hi From my experience with NTLM and AD this is the best way we found to implement group membership : ntlm_auth already has a mechanism to provide this its just that the doco is difficult to follow. squid.conf : auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="our_ad_domain\\proxyusers_group" auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="our_ad_domain\\proxyusers_group" where our_ad_domain = the AD domain where proxyusers_group = the group of users allowed to access the proxy We found that \\ and " must be included for this top work correctly. Thanks Chris ------------------------------------------------------------------------------------ West Australian Newspapers Group ------------------------------------------------------------------------------------ Privacy and Confidentiality Notice The information contained herein and any attachments are intended solely for the named recipients. It may contain privileged confidential information. If you are not an intended recipient, please delete the message and any attachments then notify the sender. Any use or disclosure of the contents of either is unauthorised and may be unlawful. Any liability for viruses is excluded to the fullest extent permitted by law. Advertising Terms & Conditions Please refer to the current rate card for advertising terms and conditions. The rate card is available on request or via www.thewest.com.au Unsubscribe If you do not wish to receive emails such as this in future please reply to it with "unsubscribe" in the subject line.
