Search squid archive

Re: if this is posted somewhere.. please tell me where to go... AD groups

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Chris, this works great!  One note to anyone trying it... if you have 'winbind separator = \' in your smb.conf, this works.. but it does matter.  I banged my head on this for about 15 minutes and then change my auth-param line to read --require-membership-of="our_ad_domain+proxyusers_group".. because my winbind line is 'winbind separator = +'

Works great Chris, thanks again!



----- Original Message ----
From: chris brain <chris.brain@xxxxxxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxx
Sent: Thursday, August 21, 2008 10:26:15 PM
Subject: Re:  if this is posted somewhere.. please tell me where to go... AD groups

Hi From my experience with NTLM and AD this is the best way we found to 
implement group membership :

ntlm_auth already has a mechanism to provide this its just that the doco is 
difficult to follow.

squid.conf :

auth_param basic program 
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="our_ad_domain\\proxyusers_group"

auth_param ntlm program 
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="our_ad_domain\\proxyusers_group"

where our_ad_domain = the AD domain
where proxyusers_group = the group of users allowed to access the proxy

We found that  \\ and " must be included for this top work correctly.

Thanks Chris 



------------------------------------------------------------------------------------
West Australian Newspapers Group
------------------------------------------------------------------------------------ 
Privacy and Confidentiality Notice

The information contained herein and any attachments are intended solely for the named recipients. It may contain privileged confidential information.  If you are not an intended recipient, please delete the message and any attachments then notify the sender. Any use or disclosure of the contents of either is unauthorised and may be unlawful. Any liability for viruses is excluded to the fullest extent permitted by law.

Advertising Terms & Conditions
Please refer to the current rate card for advertising terms and conditions.  The rate card is available on request or via www.thewest.com.au

Unsubscribe
If you do not wish to receive emails such as this in future please reply to it with "unsubscribe" in the subject line.
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux