Hi all, I am trying to replace our IIS&MS-Proxy Server with squid and linux. My test server is a Debian GNU/linux sarge 3.1 with squid 2.5 stable 6 and I installed samba and winbind 3.0.7 so the users can be authenticated through the domain server like before. I think I made all necessary configurations with samba because all the tests are OKs : wbinfo -u : showed all user members of the domain wbinfo -g : showed the groups of the domain wbinfo -p : success wbinfo -t : success wbinfo -m : SERVER BUILTIN wbinfo -a user%pass : success wbinfo --get-auth-user : DOMAIN\Administrateur getent passwd : showed local users and domain users Below is my squid.conf : refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 positive_dns_ttl 48 hours auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm use_ntlm_negotiate off auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl QUERY urlpath_regex cgi-bin \? acl lan src 10.1.0.0/24 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 873 acl Safe_ports port 80 21 443 563 70 210 1025-65535 280 488 591 777 631 873 901 acl purge method PURGE acl CONNECT method CONNECT acl unrestricted proxy_auth DOMAIN\nirina acl Authenticated proxy_auth REQUIRED no_cache deny QUERY # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Only allow purge requests from localhost http_access allow purge localhost http_access deny purge # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow lan #http_access allow unrestricted #http_access deny !Authenticated # And finally deny all other access to this proxy http_access deny all http_reply_access allow all icp_access allow all acl local_server dst 10.9.28.0/24 10.9.29.0/24 always_direct allow local_server always_direct deny !local_server never_direct allow all coredump_dir /var/spool/squid And when I try to connect with a client, there is no dialog box for authentication. However, the proxy works because I can really surf the web. In winbindd log file, I find : "nsswitch/winbindd_group.c:winbindd_getgroups(1059) user 'root' does not exist" Is this the problem? If so, how can I fix that and make it work? TYIA __________________________________________________________________ Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/
