Hi, At 09.28 20/06/2005, Tom Cannaerts wrote:
Hi, I'm new to Squid, and I can't seem to solve this problem (probably overlooking something) I'm using SquidNT running on a Windows Server 2003 Active Directory controller, and want to restrict access to a specific Windows user group (InternetUsers). What happens is that I always get a permission denied page, and the browser does not prompt me for a username/password (tried both IE and FireFox). I found a linux example on how this should be done (using a perl script), and changed it to use the exe files supplied with SquidNT, but it ain't working.
The behaviour is as expected.
Here are the relevant lines of my squid.conf auth_param ntlm program c:/squid/libexec/win32_ntlm_auth.exe auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm use_ntlm_negotiate off
Usage of auth_param ntlm use_ntlm_negotiate on is recommended on Windows.
auth_param basic program c:/squid/libexec/NT_auth.exe auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off external_acl_type NT_local_group %LOGIN c:/squid/libexec/win32_check_group.exe acl LProxyUsers external NT_local_group InternetUsers acl password proxy_auth REQUIRED http_access allow password LProxyUsers http_access deny all
win32_check_group.exe helper cannot lookup by design into DOMAIN Local Groups, but only into MACHINE local group. You cannot use Local groups on a Domain Controller, use Global groups instead.
If anyone has done something similar, or simply knows how this must be done, please help me out.
First step: try with user authentication only, when it works, try with group authorization.
Regards Guido - ======================================================== Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.serassio@xxxxxxxxxxxxxxxxx WWW: http://www.acmeconsulting.it/