Hi guys, Am having a system running squid that authenticates users from the Active Directory. Squid is version 2.6 STABLE6 running in CentOS 5.1. It authenticates users according to the various groups that have been defined in the Active Directory. If i run squid directly, it authenticates users according to their groups but in the case of implementing Dansguardian which is to act as a guard then the authentication of groups fail miserably. but if i just authenticate everyone from the AD, it works well only that it doesnt log the usernames but the IP addresses of the users. #MY CHANGES------------------------------------------------------------------- auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 20 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off ##END HERE-------------------------------------------------------------------- external_acl_type wbinfo_group_helper %LOGIN /usr/lib/squid/wbinfo_group.pl ##MY CHANGES----------------------- acl my_network src 10.1.0.0/20 acl ntlm_users proxy_auth REQUIRED acl usergroup1 external wbinfo_group_helper internetusers acl group1 external wbinfo_group_helper directorsinternet seniormanagers itinternet auditandsystem acl group2 external wbinfo_group_helper hrinternet financeinternet citinternet guardinginternet securitysystems salesandmarketing transportinternet acl user1_ports port 21 25 80 110 443 10000 acl user2_ports port 21 25 80 110 443 acl user3 port 80 443 http_access allow usergroup1 http_access allow my_network http_access allow localhost http_access allow ntlm_users #http_access deny manager http_access allow group1 user1_ports http_access allow group2 user2_ports # And finally deny all other access to this proxy http_access allow SSL_ports http_access deny !Safe_ports http_access deny all ##--------------------------------- for Dansguardian filterip = 10.1.0.81 # the port that DansGuardian listens to. filterport = 8080 # the ip of the proxy (default is the loopback - i.e. this server) proxyip = 10.1.0.81 # the port DansGuardian connects to proxy on proxyport = 3128 # Auth plugins # These replace the usernameidmethod* options in previous versions. They # handle the extraction of client usernames from various sources, such as # Proxy-Authorisation headers and ident servers, enabling requests to be # handled according to the settings of the user's filter group. # Multiple plugins can be specified, and will be queried in order until one # of them either finds a username or throws an error. For example, if Squid # is configured with both NTLM and Basic auth enabled, and both the 'proxy-basic' # and 'proxy-ntlm' auth plugins are enabled here, then clients which do not support # NTLM can fall back to Basic without sacrificing access rights. # # If you do not use multiple filter groups, you need not specify this option. # #authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-basic.conf' #authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-digest.conf' authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-ntlm.conf' #authplugin = '/usr/local/etc/dansguardian/authplugins/ident.conf' #authplugin = '/usr/local/etc/dansguardian/authplugins/ip.conf' These are my acls'. They work in my small testing environment but when i try to implement them in the clients environment, they just refuse to work. Could someone please help.
