[squid-users] Squid - Client joined to domain vs client not joined

From: Jon Williams <jon.williams52_at_gmail.com>
Date: Wed, 28 Apr 2010 13:19:02 -0400

I'm completely new to Squid and have run across a problem that I'm
beating my head on. In my test lab I set up a CentOS server with
Squid. I've configured winbind so that I'm joined to a Microsoft 2003
domain controller. I've configured squid.conf so that it looks up
users in Active Directory and either allows them access to a website
or not depending upon their group. Happily everything works
beautifully when testing using a workstation on the same subnet.
However, as soon as I join that workstation to the domain, I have
issues. My two http_access rules for my authenticated users do not
seem to work. My web browser does not prompt me to log in.

So it seems that the authentication that happens when part of the
domain is conflicting with what I'm doing with Squid. However, this is
where I get hopelessly lost. Below is the modified part of my
smb.conf. Anybody have any ideas?

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl authenticated proxy_auth REQUIRED

external_acl_type ad_group %LOGIN /usr/lib/squid/wbinfo_group.pl
acl banned_users external ad_group BannedUsers
acl allowed_sites dstdomain "/etc/squid/allowed_sites"
acl allowed_users external ad_group AllowedUsers

# And finally deny all other access to this proxy
http_access allow localhost
http_access allow authenticated allowed_users
http_access allow authenticated allowed_sites banned_users
http_access deny all
Received on Wed Apr 28 2010 - 17:19:09 MDT
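
Added example (not part of the original post, and not Squid or Samba project code): a small Python check that every auth_param program line invoking ntlm_auth passes the --helper-protocol value that speaks its Squid scheme's helper protocol, squid-2.5-basic for basic and squid-2.5-ntlmssp for ntlm. The function name and the sample text (copied from the auth_param lines in the post) are constructed for illustration; a mismatch is one thing worth ruling out in a configuration like this before looking at group lookups.

```python
import re

# Squid auth scheme -> ntlm_auth --helper-protocol value that speaks that
# scheme's helper protocol. Only these two schemes are covered here.
EXPECTED = {"basic": "squid-2.5-basic", "ntlm": "squid-2.5-ntlmssp"}

# Constructed sample: auth_param lines as they appear in the post above.
POSTED = """\
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param basic children 5
"""


def check_auth_helpers(conf_text):
    """Return [(line_no, scheme, found_protocol, expected_protocol), ...]
    for ntlm_auth helpers whose protocol does not match their scheme."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.strip().split()
        # Only "auth_param <scheme> program <helper> [args...]" lines matter.
        if len(parts) < 4 or parts[0] != "auth_param" or parts[2] != "program":
            continue
        scheme, helper, args = parts[1].lower(), parts[3], parts[4:]
        if not helper.endswith("ntlm_auth") or scheme not in EXPECTED:
            continue  # a different helper or scheme; nothing to compare
        found = None  # stays None when --helper-protocol is absent
        for arg in args:
            match = re.fullmatch(r"--helper-protocol=(\S+)", arg)
            if match:
                found = match.group(1)
        if found != EXPECTED[scheme]:
            findings.append((line_no, scheme, found, EXPECTED[scheme]))
    return findings


if __name__ == "__main__":
    for line_no, scheme, found, want in check_auth_helpers(POSTED):
        print(f"line {line_no}: scheme '{scheme}' uses --helper-protocol="
              f"{found}, expected {want}")
```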
