Hi nick,
I don't have much experience on squid + Windows plataform but i
recommend you to take the following way, you must try to separate
authenticators and group clasificators by topic, i think you must use
ntlm_auth with wbinfo_group or squid_ldap_auth with squid_ldap_group
trying not mixing both. I hope this help you.
nick w escribió:
Hi,
I have had a look through the threads and see that there are a few
threads on this particular issue but dealing with Unix based squid
servers and not Windows platforms. I am having a little trouble
getting the squid_ldap_group helper working with NTLM_Auth and running
on a W2K3 server. With the config below when you try to browse the net
the browser just hangs trying to contact the website, no access denied
message appears and I am assuming that the browser has not had a
response back from squid. I have checked the cache.log file and I see
entries in there saying that the request matched a denied acl rule and
access is denied. If you are not in the AD group for denying inet
access you get the same browser hang. Not sure what to do from here.
auth_param ntlm program c:/proxy/libexec/win32_ntlm_auth.exe
auth_param ntlm children 40
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate on
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
external_acl_type ldap_group %LOGIN
C:\Proxy\libexec\squid_ldap_group.exe -b OU=xxx,DC=xxx,DC=xxx -f
OU=xxx,DC=xxx,DC=xxx -F OU=xxx,DC=xxx,DC=xxx -h LDAP_server_name -p
389 -S
acl inet_deny external ldap_group
CN=No-Internet-Access,OU=xxx,DC=xxx,DC=xxx
http_access deny inet_deny
Any help would be greatly appreciated.
__________ Informaci�n de NOD32, revisi�n 2413 (20070723) __________
Este mensaje ha sido analizado con NOD32 antivirus system
http://www.nod32.com