Sort of new to mailing lists but here goes...
Been using Squid for two years to regulate corporate web access based on
Active Directory group membership.
Up until Monday (after a portupgrade on FreeBSD 6.1) it's been working
PERFECTLY. Samba and winbindd have been working flawlessly. The current
squid.conf is as follows (any clues as to what's wrong would be MOST
helpful, as I've been pulling my hair out over this for five days now):
# MONITOR Squid
# Squid proxy configuration: NTLM authentication through Samba's ntlm_auth,
# with access decided by Active Directory group membership (nt_group).
# NOTE(review): several directives below are split across two lines (the
# auth_param ntlm program line, both external_acl_type lines, acl allowedurls,
# acl ALWIZARD and icp_access). This looks like mail-client line wrapping;
# Squid expects each directive on one line -- confirm against the file on disk.
hierarchy_stoplist cgi-bin ?
http_port 3128
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir ufs /usr/local/etc/squid/cache 10000 10 10
cache_access_log /usr/local/etc/squid/log/access.log
cache_store_log /usr/local/etc/squid/log/store.log
pid_filename /usr/local/etc/squid/log/squid.pid
debug_options ALL,1
redirect_children 5
# NTLM authentication is delegated to Samba's ntlm_auth helper, which depends
# on winbindd. After a package upgrade, check that the account Squid runs as
# (cache_effective_user squid, below) can still reach Samba's
# winbindd_privileged directory and that the helper still starts.
# NOTE(review): a common thing to check, not confirmed as the cause here.
auth_param ntlm program /usr/local/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
# auth_param ntlm program /usr/local/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
# auth_param ntlm max_challenge_reuses 0
# auth_param ntlm max_challenge_lifetime 2 minute
# external_acl_type nt_group ttl=0 concurrency=5 %LOGIN
/usr/local/libexec/squid/wbinfo_group.pl
# TEST
# Group lookup helper: %LOGIN passes the authenticated user name to
# wbinfo_group.pl, so using an nt_group ACL requires a logged-in user.
# ttl=0 means lookup results are not cached: a change in group membership
# takes effect on the next request, at the cost of a helper call per request.
external_acl_type nt_group ttl=0 children=20 %LOGIN
/usr/local/libexec/squid/wbinfo_group.pl
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
# Safe_ports includes the whole unregistered range 1025-65535.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# AuthorizedUsers is referenced only by the icp_access rule below; no
# http_access rule uses it. Authentication for web requests is reached
# through the nt_group external ACL instead.
acl AuthorizedUsers proxy_auth REQUIRED
acl regularusers external nt_group Browser-Users
# NOTE(review): in the lines shown, allowedurls and blockurls are not
# referenced by any access rule, and restrictedusers appears only in
# icp_access. As written the block list is not enforced, and members of
# Restricted-Browser-Use fall through to "http_access deny all".
acl allowedurls dstdomain
"/usr/local/etc/squid/restrictedusers_allowedurls"
acl restrictedusers external nt_group Restricted-Browser-Use
acl ALWIZARD dst 65.163.6.109-65.163.6.109/255.255.255.255
65.163.6.110-65.163.6.110/255.255.255.255
acl blockurls dstdomain "/usr/local/etc/squid/blockurls"
# http_access rules are evaluated top to bottom; the first matching rule wins.
http_access allow manager localhost
http_access deny manager
# NOTE(review): this allow comes before the port rule, so members of
# Browser-Users are allowed before any port or CONNECT restriction is checked.
http_access allow regularusers
# NOTE(review): ACLs on one http_access line are ANDed. This deny matches only
# a request that is on neither an SSL nor a Safe port, is not CONNECT and is
# not to ALWIZARD; with "deny all" directly after it, it changes nothing.
# The stock squid.conf puts "http_access deny !Safe_ports" and
# "http_access deny CONNECT !SSL_ports" ahead of the allow rules.
http_access deny !SSL_ports !Safe_ports !CONNECT !ALWIZARD
http_access deny all
http_reply_access allow all
# A single icp_access rule: every ACL listed (including the wrapped
# "restrictedusers" on the next line) must match for it to allow.
icp_access allow manager localhost AuthorizedUsers regularusers
restrictedusers
# Squid drops privileges to this user and group.
cache_effective_user squid
cache_effective_group squid
coredump_dir /usr/local/etc/squid/cache
# redirect_program /usr/local/libexec/squid_redirect
Received on Fri Feb 23 2007 - 14:24:56 MST