Here's parsed versions of the conf files:
Squid.conf
http_port 80
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 32 MB
maximum_object_size 1048576 KB
cache_dir ufs /var/spool/squid 3072 16 256
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param basic children 15
auth_param basic realm computronix.com
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl all src 0.0.0.0/0.0.0.0
acl windowsupdate dstdomain .microsoft.com .windowsupdate.com
acl AuthorizedUsers proxy_auth REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl squidmeister src 206.75.5.44/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 80 443 563 1494 2598
acl Safe_ports port 80 # http
acl Safe_ports port 81 # Autorpm.org
acl Safe_ports port 89 # Oracle Technical Forums
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow manager squidmeister
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all AuthorizedUsers
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
And smb.conf
[global]
workgroup = NTDOMAIN
realm = DOMAIN.COM
server string = CX Canada's SQUID Web Proxy
security = ADS
password server = 206.75.5.19
log file = /var/log/samba/%m.log
max log size = 500
preferred master = No
domain master = No
dns proxy = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
The command I used to join to the domain was: net ads join -U accountname.
I also found today that it is only Vista users (there are 2 of us
using vista to find out if we can deploy it here yet, and I am one of
them) that is getting prompted to authenticate. Also Squid will not
authenticate through the windows prompt, however the firefox prompt is
accepted and I can browse with that.
Thanks,
Darren
On 9/6/07, Ian <barnracoon@gmail.com> wrote:
> Hi Darren,
>
> Can you provide a copy of the squid.conf as well as the smb.conf and
> the commands you ran to join the server to the domain?
>
> Thanks
> Ian
>
> On 9/7/07, Darren Maskowitz <squitz@gmail.com> wrote:
> > The hard drive on the Squid proxy just died, and I'm trying to get the
> > replacement to work. The proxy was running on Fedora Core 3 using
> > Squid 2 and Samba 3.x. The replacement is running Fedora Core 6 and
> > Squid 2.6 STABLE7 and Samba 3.0.23. I have managed to join the
> > replacement to and have it authenticate against our Active Directory
> > Domain here. However unlike it's predecessor it prompts the user for
> > name and password the first time. Unfortunately I didn't setup the
> > original and the admin that did the setup is no longer here. Can
> > anyone give me some pointers to what I might have missed configuring?
> >
>
Received on Fri Sep 07 2007 - 11:40:32 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:02 MDT