Isnard,

Thank you for your tip. I changed the entry in squid.conf and the cache worked, but there are similar entries in the cache.log.

But maybe I'm on the wrong way. Let me explain:

We want to give Internet access to users that are members of a Windows AD group. Isn't it easier to use squid_ldap_group?

Regards,
Ralf

-----Original Message-----
From: Isnard Jaquet [mailto:isnardjunior@xxxxxxxxx]
Sent: Tuesday, 27 November 2007 14:05
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: AW: Authentication on Active Directory

Ralf,

Squid 2.6 has changed external_acl_type parameter from concurrency to children, so try changing it to:

external_acl_type www_group ttl=0 children=5 %LOGIN /usr/lib/squid/squid_unix_group -g www
external_acl_type ebay_group ttl=0 children=5 %LOGIN /usr/lib/squid/squid_unix_group -g Ebay

Regards,
Isnard

On Tue, 2007-11-27 at 12:31 +0100, Ralf.Lutz@xxxxxxxxxxxxx wrote:
> @Adrian: Thank you for your fast answer. Maybe you can help me a bit with the configuration with Kerberos?
>
> Most steps are working on my system:
>
> - I have a Kerberos ticket
> - wbinfo -g shows the groups in the AD
> - getent -g shows the groups in the AD, too
>
> But there's a problem with the squid configuration:
>
> I have the following entries in the squid.conf:
>
> external_acl_type www_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/squid_unix_group -g www
> external_acl_type ebay_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/squid_unix_group -g Ebay
>
> Users in the two groups www and Ebay should go to the internet. This worked on our "old" proxy with squid 2.5 without Kerberos.
>
> If I now start squid and use it as proxy, I get a TCP_DENIED in the access.log and in the cache.log the following entries:
>
> helper: Group does not exist 'Lutz'
> helper: Group does not exist 'X<AB>^D^H<F2><87>^D^H'
> helper: Group does not exist '<88>^Wοy<97>^D^Hu<B8>v'
> helper: Group does not exist '<C9><C3>'
> helper: Group does not exist '<9C><8D><87>'
> helper: Group does not exist '<A0>6z'
> helper: Group does not exist '<E8>^Wο<EC>]u'
> helper: Group does not exist '<8D><83><E8><FE><FF><FF><89>E<F0><8D><83><E8><FE><FF><FF>)E<F0><C1>}<F0>^B<8B>U
> <B6>'
> helper: Group does not exist '<81><C3>^?<D7>^P'
> helper: Group does not exist '_^\ο<8A>^\ο<9A>^\ο<A5>^\ο<B3>^\ο<D3>^\ο<E6>^\ο<F0>^\ο<B3>^^ο<D6>^^ο<F0>^^ο<FF>
> ^^ο^T^_ο%^_ο;^_οC^_οP^_ο<81>^_ο<A3>^_ο<B8>^_ο<CA>^_ο'
> helper: Group does not exist '^C'
> helper: Group does not exist '<9C><8D><87>'
> helper: Group does not exist ''
> helper: Group does not exist 'Lutz'
> helper: Group does not exist 'X<AB>^D^H<F2><87>^D^H'
> helper: Group does not exist 'x6<97><BF>y<97>^D^Hu<B8>v'
> helper: Group does not exist '<C9><C3>'
> helper: Group does not exist '<9C><8D><87>'
> helper: Group does not exist '<A0>6z'
> helper: Group does not exist '<D8>6<97><BF><EC>]u'
> helper: Group does not e<B6>''<8D><83><E8><FE><FF><FF><89>E<F0><8D><83><E8><FE><FF><FF>)E<F0><C1>}<F0>^B<8B>U
> helper: Group does not exist '<81><C3>^?<D7>^P'
> helper: Group does not exist '_L<97><BF><8A>L<97><BF><9A>L<97><BF><A5>L<97><BF><B3>L<97><BF><D3>L<97><BF><E6>
> L<97><BF><F0>L<97><BF><B3>N<97><BF><D6>N<97><BF><F0>N<97><BF><FF>N<97><BF>^TO<97><BF>%O<97><BF>;O<97><BF>CO
> <97><BF>PO<97><BF><81>O<97><BF><A3>O<97><BF><B8>O<97><BF><CA>O<97><BF>'
> helper: Group does not exist '^C'
> helper: Group does not exist '<9C><8D><87>'
> helper: Group does not exist ''
>
> Have you an idea?