Truth Seeker wrote:
Any help is really appreciated!!!
Try being case-sensitive in the group names. The ones you
configured Squid with do not match the ones you detailed as
example. Assuming both were correct they may be mis-matched
because 'S' is not 's' etc.
It was my mistake in the mail. all are lowercase in group names as well as in squid.conf
Try also with this as the first of the auth ACL:
acl AuthorizedUsers proxy_auth REQUIRED
http_access deny !AuthorizedUsers
it will force a login if none is supplied.
I tried this too, but No hope. Once again the following is my environment.
Win 2k3 (with ADS) <---> Squid Proxy (squid-3.0.STABLE13-1.el5) on CentOS 5.3 (Samba, Winbind, Kerberos, squid configured)
now this are my entries;
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2..5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl AuthorizedUsers proxy_auth REQUIRED
http_access deny !AuthorizedUsers
external_acl_type unix_group %LOGIN /usr/lib/squid/squid_unix_group
Oh, hang on. UNIX groups are not the same as AD groups.
I think that helper is probably not testing AD compatible.
Try the winbind group helper wbinfo_group.pl
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
Current Beta Squid 3.1.0.13
