Henrik Nordstrom ha scritto:
mån 2006-10-02 klockan 13:47 +0200 skrev Helpdesk:
Hi,
I'm running squid-2.5.STABLE6-3.4E.12 and samba-3.0.10-1.4E.9 on CentOS
4.4, all is working fine but I don't understand how to configure
external ip_user_check with AD group:
No wonder, it's not something supported by ip_user_check.
My proxy server joined our active directory domanin (with samba,
kerberos,nsswitch etc.) so I think AD users/groups could be known to the
OS, an AD user can login via ssh, can access samba shares etc.
ip_user_check seem to know user but not group
The only groups known to ip_user_check is the groups known to the OS.
nsswitch.conf:
...
passwd: files winbind
shadow: files
group: files winbind
...
But you can combine other ACLs to get the desired results.
For the explicit user names use ip_user as you already have.
For l2 use a wbinfo_group acl + and src acl.
Yes - It works - but I would like to understand why ip_user_check
doesn't :-)
tkx
P.S.
Sorry for my wrong private posting
