Search squid archive

cross-domain in Active Directory 2003 with Squid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello!

I already tried 2 weeks to install Squid 2.6.STABLE18 for Windows. So what 
I want is following:

I created a group in the Active Directory with the Name "InternetUsers", 
Group Scope "Domain local", Group Type "Security". The group scope "Domain 
local" is mandatory because we have AD-Trusts with other divisions and the 
users have the need to login into the Internet from this cross-domain over 
my Squid. An Example:

User in this group:

mydomain1\testuser
mydomain2\testuser
mydomain3\testuser

Result of my configuration:

Only the mydomain1 users can login successfully with the proxy settings. 
The other one get a "DINIED" from the squid. So please can somebody help 
me with my specific problem??

Here are my settings and configurations:

My System:

Windows Server 2003 Standard Edition SP2
2.3 GHZ
512 MB-RAM
8 GByte - HDD
no other services are running
is in domain mydomain1
(Is installed on VMWare ESX-Server)

AD-Server:

Active Directory 2003

Squid Configuration:

Installed the Squid Service with these cmd-instructions:
C:\squid\sbin\squid.exe -i -f "C:/squid/etc/squid.conf" -n "Squid1"
and
C:\squid\sbin\squid.exe -z -f "C:/squid/etc/squid.conf"
for creating the cash

After then I changed the squid.conf file:

auth_param basic program C:/squid/libexec/squid_ldap_auth.exe -R -b 
"dc=stec-01,dc=s-tec" -D "cn=Administrator,cn=Users,dc=stec-01,dc=s-tec" 
-w "password" -f sAMAccountName=%s -h 172.27.208.59 -p 3268
auth_param basic children 5
auth_param basic realm Squid Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

external_acl_type InetGroup %LOGIN C:/squid/libexec/squid_ldap_group.exe 
-R -b "dc=mydomain,dc=at" -D "cn=Administrator,cn=Users,dc=mydomain,dc=at" 
-w password -f 
"(&(objectclass=person)(sAMAccountName=%v)(memberof=CN=%a,OU=Groups,DC=mydomain,DC=at))" 
-h 172.27.208.59 -p 3268

acl localMAGNA dstdomain .mydomain1.at .mydomain2.at .mydomain3.at
acl localnet proxy_auth REQUIRED
acl ProxyUsers external InetGroup InternetUsers

http_access allow localMAGNA
http access allow ProxyUsers

First Time I have tried to make this with LDAP. The same with ntlm.

Thank you very much in advance for your help.

With kind regards
Martin
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux