Re: [squid-users] if this is posted somewhere.. please tell me where to go... AD groups

From: nairb rotsak <ipguru99_at_yahoo.com>
Date: Sun, 24 Aug 2008 09:19:25 -0700 (PDT)

Chris, this works great! One note to anyone trying it... if you have 'winbind separator = \' in your smb.conf, this works.. but it does matter. I banged my head on this for about 15 minutes and then changed my auth-param line to read --require-membership-of="our_ad_domain+proxyusers_group".. because my winbind line is 'winbind separator = +'

Works great Chris, thanks again!

----- Original Message ----
From: chris brain <chris.brain_at_wanews.com.au>
To: squid-users_at_squid-cache.org
Sent: Thursday, August 21, 2008 10:26:15 PM
Subject: Re: [squid-users] if this is posted somewhere.. please tell me where to go... AD groups

Hi, from my experience with NTLM and AD, this is the best way we found to
implement group membership:

ntlm_auth already has a mechanism to provide this; it's just that the doco is
difficult to follow.

squid.conf :

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="our_ad_domain\\proxyusers_group"

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="our_ad_domain\\proxyusers_group"

where our_ad_domain = the AD domain
where proxyusers_group = the group of users allowed to access the proxy

We found that \\ and " must be included for this to work correctly.

Thanks Chris

Received on Sun Aug 24 2008 - 16:19:33 MDT

This archive was generated by hypermail 2.2.0 : Mon Aug 25 2008 - 12:00:06 MDT
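
The separator mismatch described in the reply can be caught before Squid is reloaded by comparing smb.conf against the auth_param lines. The script below is an added example, not part of either message; the function names and the demo file contents are constructed, and it assumes the doubled backslash shown in the thread stands for a single separator character.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the group names given to
# ntlm_auth in squid.conf use the separator winbind is configured with.

# Print the 'winbind separator' from smb.conf; Samba's default is a backslash.
# Assumes the parameter is written in lower case with single spaces.
winbind_separator() {
    sep=$(sed -n 's/^[[:space:]]*winbind separator[[:space:]]*=[[:space:]]*\(.\).*/\1/p' "$1" | tail -n 1)
    [ -n "$sep" ] || sep='\'
    printf '%s\n' "$sep"
}

# Print every --require-membership-of value on auth_param lines, one per line.
# Assumption: the doubled backslash used on this page stands for one backslash.
membership_values() {
    grep '^[[:space:]]*auth_param[[:space:]]' "$1" |
        sed -n -e 's/.*--require-membership-of="\([^"]*\)".*/\1/p' -e t \
               -e 's/.*--require-membership-of=\([^[:space:]]*\).*/\1/p' |
        sed 's/\\\\/\\/g'
}

# Usage: check_membership_separator SMB_CONF SQUID_CONF
# Returns 0 when every value is DOMAIN<separator>group (SIDs are skipped).
check_membership_separator() {
    want=$(winbind_separator "$1")
    membership_values "$2" | {
        bad=0
        while IFS= read -r value; do
            case $value in
                S-1-*) ;;                       # a SID has no separator
                *?"$want"?*) ;;                 # matches smb.conf
                *) echo "mismatch: '$value' lacks separator '$want'" >&2; bad=1 ;;
            esac
        done
        [ "$bad" -eq 0 ]
    }
}

# Demo on constructed files: smb.conf uses '+', squid.conf still uses '\\'.
demo=$(mktemp -d)
printf 'winbind separator = +\n' > "$demo/smb.conf"
cat > "$demo/squid.conf" <<'EOF'
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="our_ad_domain\\proxyusers_group"
EOF
check_membership_separator "$demo/smb.conf" "$demo/squid.conf" || echo "fix squid.conf before reloading"
rm -rf "$demo"
```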