> >
> >
> > Any help is really appreciated!!!
> >
> >
>
> Try being case-sensitive in the group names. The ones you
> configured Squid with do not match the ones you detailed as
> example. Assuming both were correct they may be mis-matched
> because 'S' is not 's' etc.
It was my mistake in the mail. all are lowercase in group names as well as in squid.conf
>
>
> Try also with this as the first of the auth ACL:
> acl AuthorizedUsers proxy_auth REQUIRED
> http_access deny !AuthorizedUsers
>
> it will force a login if none is supplied.
I tried this too, but No hope. Once again the following is my environment.
Win 2k3 (with ADS) <---> Squid Proxy (squid-3.0.STABLE13-1.el5) on CentOS 5.3 (Samba, Winbind, Kerberos, squid configured)
now this are my entries;
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2..5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl AuthorizedUsers proxy_auth REQUIRED
http_access deny !AuthorizedUsers
external_acl_type unix_group %LOGIN /usr/lib/squid/squid_unix_group
acl senior_acl external unix_group senior
acl engineer_acl external unix_group engineer
acl restricted_acl external unix_group restricted
acl guestgroup_acl external unix_group guestgroup
acl parttime_acl external unix_group parttime
some restrictions like bad sites, proxy sites, game sites, time based restrictions, etc, here...
http_access allow senior_acl
http_access allow engineer_acl
http_access allow restricted_acl
http_access allow guestgroup_acl
http_access allow parttime_acl
http_access deny all
If i put "http_access allow AuthorizedUsers" just below the "http_access deny !AuthorizedUsers", it again start allowing all authenticated users, and restricting others. But the group based is not working for me.
>
> Amos
Kindly advice...
