Re: [squid-users] Re: squid with Windows 2003 group filtering problem

From: Srinivasa Chary <[email protected]>
Date: Sun, 13 Feb 2005 11:44:14 +0400

Dear Adam,

Thanks for mail , after the upgrading the samba to samba-3.0.11pre1-1 my
problem solved, the problem was with wbinfo_group.pl file and the LANG=C
setting problem.

Regards,
M.Srinivasa Chary
Telecommunication Engineer
Infotech Divison
National Telephone Services
GSM: +968 9263127.
----- Original Message -----
From: "Adam Aube" <aaube01@baker.edu>
To: <squid-users@squid-cache.org>
Sent: Sunday, February 13, 2005 8:50 AM
Subject: [squid-users] Re: squid with Windows 2003 group filtering problem

> Srinivasa Chary wrote:
>
> > I am getting problem when doing group filtering using from windows 2003
> > server. I am using squid-2.5.STABLE3 and samba-3.0.0
>
> > i am able to authenticate all the users perfectly with out group
> > varification, when i want to do group filtering it is not applying .
>
> Can you be a little more specific on what happens when it doesn't work?
>
> > Squid.conf:
>
> > external_acl_type NT_global_group %LOGIN /etc/squid/wbinfo_group.pl
> > acl AllowedNTUsers external NT_global_group "/etc/squid/allowedntgroups"
> > acl LoggedInUsers proxy_auth REQUIRED
>
> > http_access allow AllowedNTUsers
> > http_access allow LoggedInUsers
> > http_access deny !AllowedNTUsers
> > http_access deny !LoggedInUsers
>
> So you allow access to anyone in an allowed group, then allow access to
> anyone who authenticates successfully. If this is what you want, then
these
> settings are fine (though the explicit "deny" lines are unneeded).
>
> > http_access allow manager localhost
> > http_access deny manager
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > http_access deny all
>
> With the exception of the "deny all" rule, these rules should come before
> your own http_access rules (the "deny all" line should come after).
>
> > smb.conf
>
> Since your authentication works, your Samba settings are fine.
>
> > wbinfo_group.pl
>
> Unless you changed the script (other than specifying the full path to
> wbinfo), there's no need to post it.
>
> Adam
>
>
>
Received on Sun Feb 13 2005 - 00:43:35 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST