Understood and it worked.. You have been of great help. Here's what i want to achieve from this.. I have about 40 samba users logging into the samba domain using winxp. The squid and samba runs on the same server. This setup is for an NGO - Educational Institute and the students really misuse the internet. So, i want to give them access only when required and without authentication. Say for example, every wednesday from 10:00-12:00PM and everyday 6:00-8:00PM. So, when users from WINXP login to the domain, the internet should work only the timings mentioned above but without authentication.. I am trying out different options. .. i hope i figure this out. Thanks Avinash On Tue, Aug 18, 2009 at 8:48 PM, Amos Jeffries<squid3@xxxxxxxxxxxxx> wrote: > Avinash Rao wrote: >> >> /etc/init.d/squid restart >> * Restarting Squid HTTP proxy squid >> 2009/08/18 14:04:15| Invalid Proxy Auth ACL 'acl >> AuthorizedUsers proxy_auth REQUIRED' because no authentication schemes >> are fully configured. >> FATAL: Bungled squid.conf line 39: acl AuthorizedUsers proxy_auth REQUIRED >> Squid Cache (Version 2.6.STABLE18): Terminated abnormally. >> >> [fail] >> > > Order for most things is VERY VERY important in squid.conf > > You are trying to tell squid what to do with authentication (ACL) before it > has reached the section which turns authentication on (auth_param). > > Amos > >> squid.conf >> >> root@sunbox:/var/log/squid# more /etc/squid/squid.conf >> visible_hostname sunbox >> hierarchy_stoplist cgi-bin ? >> acl QUERY urlpath_regex cgi-bin \? >> no_cache deny QUERY >> hosts_file /etc/hosts >> http_port 100.100.100.50:3128 >> refresh_pattern ^ftp: 1440 20% 10080 >> refresh_pattern ^gopher: 1440 0% 1440 >> refresh_pattern . 0 20% 4320 >> acl all src 0.0.0.0/0.0.0.0 >> acl manager proto cache_object >> acl localhost src 127.0.0.1/255.255.255.255 >> acl to_localhost dst 127.0.0.0/8 >> acl SSL_ports port 443 563 >> acl Safe_ports port 80 # http >> acl Safe_ports port 21 # ftp >> acl Safe_ports port 443 563 # https, snews >> acl Safe_ports port 70 # gopher >> acl Safe_ports port 210 # wais >> acl Safe_ports port 1025-65535 # unregistered ports >> acl Safe_ports port 280 # http-mgmt >> acl Safe_ports port 488 # gss-http >> acl Safe_ports port 591 # filemaker >> acl Safe_ports port 631 # cups >> acl Safe_ports port 777 # multiling http >> acl Safe_ports port 901 # SWAT >> acl Safe_ports port 993 # IMAP >> acl Safe_ports port 587 # SMTP >> acl Safe_ports port 22 # SSH >> acl purge method PURGE >> acl special_urls url_regex "/etc/squid/squid-noblock.acl" >> acl extndeny url_regex -i "/etc/squid/blocks.files.acl" >> acl malware_block_list url_regex -i "/etc/squid/malware_block_list.txt" >> acl badurl url_regex -i teen orkut youtube sex mp3 mp4 exe >> acl lan src 192.168.1.0 100.100.100.0/24 >> acl stud ident_regex babu >> acl download method GET >> acl CONNECT method CONNECT >> acl AuthorizedUsers proxy_auth REQUIRED >> cache_mem 100 MB >> #redirect_program /usr/bin/squidGuard –c /etc/squid/squidGuard.conf >> ident_lookup_access allow all >> http_access deny all >> http_access allow manager localhost >> http_access deny manager >> http_access allow purge localhost >> http_access allow special_urls >> http_access deny extndeny download >> http_access deny extndeny >> http_access deny purge >> http_access deny !Safe_ports >> http_access deny CONNECT !SSL_ports >> http_access deny badurl >> http_access deny malware_block_list >> deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list >> http_access allow localhost >> http_access allow lan >> http_reply_access allow all >> http_access allow AuthorizedUsers >> http_access deny all >> icp_access allow all >> coredump_dir /var/spool/squid >> >> >> auth_param ntlm program /usr/bin/ntlm_auth >> --helper-protocol=squid-2.5-ntlmssp >> auth_param ntlm children 30 >> auth_param ntlm max_challenge_reuses 0 >> auth_param ntlm max_challenge_lifetime 2 minutes >> # ntlm_auth from Samba 3 supports NTLM NEGOTIATE packet >> auth_param ntlm use_ntlm_negotiate on >> >> # warning: basic authentication sends passwords plaintext >> # a network sniffer can and will discover passwords >> auth_param basic program /usr/bin/ntlm_auth >> --helper-protocol=squid-2.5-basic >> auth_param basic children 5 >> auth_param basic realm Squid proxy-caching web server >> auth_param basic credentialsttl 2 hours >> >> >> Thanks >> Avinash >> >> >> On Tue, Aug 18, 2009 at 12:33 PM, Chris >> Boczko<Christopher.Boczko@xxxxxxxxxxxxx> wrote: >>> >>> checking the trust secret via RPC calls succeeded means the secret is >>> good, they changed the wording a while back, glad you're working >>> >>> chris >>> >>> Kind Regards, >>> Christopher Boczko >>> Server Support Analyst - IT Shared Services >>> HomeServe >>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS >>> >>> DDI: 01482 677272 >>> Mob: 07967 059241 >>> >>> www.homeserve.com >>> www.chemdry.co.uk >>> >>> DDI: 01482 677272 >>> Mob: 07967 059241 >>> >>> www.homeserve.com >>> www.chemdry.co.uk >>> >>> >>> -----Original Message----- >>> From: Avinash Rao [mailto:avinash.aol@xxxxxxxxx] >>> Sent: 17 August 2009 16:38 >>> To: Chris Boczko >>> Subject: Re: Need help in integrating squid and samba >>> >>> Chris, >>> >>> Please don't get bugged, wbinfo -g is working now .. >>> wbinfo -g >>> BUILTIN\administrators >>> BUILTIN\users >>> >>> and even wbinfo -t >>> >>> wbinfo -t >>> checking the trust secret via RPC calls succeeded >>> >>> but it didn't give the out "the secret is good" . I have no idea how >>> this is working all of a sudden, it didn't work a little while ago! >>> >>> Regards, >>> Avinash >>> >>> >>> >>> On Mon, Aug 17, 2009 at 8:58 PM, Avinash Rao<avinash.aol@xxxxxxxxx> >>> wrote: >>>> >>>> Yes, Squid and Samba(PDC) are running on the same server. >>>> >>>> wbinfo -g won't work as i have not created any of the NT Domain Groups >>>> is that necessary? Coz, i have a very simple samba configuration. >>>> >>>> I went through the link and made changes to nsswitch conf. >>>> >>>> wbinfo -set-auth-user=Administrator%'password' >>>> Could not lookup sid Administrator%password >>>> >>>> But, I could join the domain, i just entered net join and entered the >>>> current users password and it said joined the domain! >>>> wbinfo -u >>>> Error looking up domain users >>>> >>>> Thanks again >>>> Avinash >>>> >>>> >>>> >>>> On Mon, Aug 17, 2009 at 8:29 PM, Chris >>>> Boczko<Christopher.Boczko@xxxxxxxxxxxxx> wrote: >>>>> >>>>> Right ok, >>>>> >>>>> So squid is running samba (as a pdc) and squid as a cache? >>>>> >>>>> Can you try running wbinfo -g, and if that doesn't work, try running >>>>> wbinfo --set-auth-user=Administrator%'YourPassword' (see: >>>>> http://www.debian-administration.org/article/Question_Winbind_on_samba_PDC), >>>>> the run wbinfo -g again >>>>> >>>>> Kind Regards, >>>>> Christopher Boczko >>>>> Server Support Analyst - IT Shared Services >>>>> HomeServe >>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS >>>>> >>>>> DDI: 01482 677272 >>>>> Mob: 07967 059241 >>>>> >>>>> www.homeserve.com >>>>> www.chemdry.co.uk >>>>> >>>>> DDI: 01482 677272 >>>>> Mob: 07967 059241 >>>>> >>>>> www.homeserve.com >>>>> www.chemdry.co.uk >>>>> >>>>> >>>>> -----Original Message----- >>>>> From: Avinash Rao [mailto:avinash.aol@xxxxxxxxx] >>>>> Sent: 17 August 2009 15:56 >>>>> To: Chris Boczko >>>>> Subject: Re: Need help in integrating squid and samba >>>>> >>>>> Yes its on the squid server and its a PDC and the passwd backend is >>>>> tdbsam >>>>> >>>>> >>>>> >>>>> On Mon, Aug 17, 2009 at 8:22 PM, Chris >>>>> Boczko<Christopher.Boczko@xxxxxxxxxxxxx> wrote: >>>>>> >>>>>> This is on the squid server? >>>>>> >>>>>> Its trying to be a pdc >>>>>> >>>>>> >>>>>> domain logons = yes >>>>>> os level = 65 >>>>>> prefered master = yes >>>>>> domain master = yes >>>>>> local master = yes >>>>>> >>>>>> Kind Regards, >>>>>> Christopher Boczko >>>>>> Server Support Analyst - IT Shared Services >>>>>> HomeServe >>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS >>>>>> >>>>>> DDI: 01482 677272 >>>>>> Mob: 07967 059241 >>>>>> >>>>>> www.homeserve.com >>>>>> www.chemdry.co.uk >>>>>> >>>>>> DDI: 01482 677272 >>>>>> Mob: 07967 059241 >>>>>> >>>>>> www.homeserve.com >>>>>> www.chemdry.co.uk >>>>>> >>>>>> >>>>>> -----Original Message----- >>>>>> From: Avinash Rao [mailto:avinash.aol@xxxxxxxxx] >>>>>> Sent: 17 August 2009 15:51 >>>>>> To: Chris Boczko >>>>>> Subject: Re: Need help in integrating squid and samba >>>>>> >>>>>> smb.conf >>>>>> >>>>>> [global] >>>>>> workgroup = abc >>>>>> server string = Samba on SUN >>>>>> max log size = 500 >>>>>> log level = 1 >>>>>> interfaces = eth2 100.100.100.251 >>>>>> bind interfaces only = True >>>>>> >>>>>> log file = /var/log/samba/log.%m >>>>>> max log size = 1000 >>>>>> >>>>>> domain logons = yes >>>>>> os level = 65 >>>>>> prefered master = yes >>>>>> domain master = yes >>>>>> local master = yes >>>>>> >>>>>> winbind uid = 10000-20000 >>>>>> winbind gid = 10000-20000 >>>>>> winbind use default domain = yes >>>>>> >>>>>> add machine script = /usr/sbin/useradd -s /bin/false -d /home/nobody >>>>>> %u >>>>>> dns proxy =No >>>>>> hosts allow = 127. 100.100.100. >>>>>> wins support = Yes >>>>>> passdb backend = smbpasswd >>>>>> >>>>>> encrypt passwords = true >>>>>> smb passwd file = /etc/samba/smbpasswd >>>>>> security = user >>>>>> netbios name = sunbox >>>>>> username map = /etc/samba/smbusers >>>>>> >>>>>> [homes] >>>>>> comment = Home Dir >>>>>> read only = NO >>>>>> browseable = NO >>>>>> valid users = %S >>>>>> path = %H >>>>>> directory mask = 0700 >>>>>> create mask = 0700 >>>>>> >>>>>> >>>>>> [share] >>>>>> comment = test share >>>>>> path = /sambashare >>>>>> valid users = nimda >>>>>> create mask = 0765 >>>>>> >>>>>> >>>>>> Cheers >>>>>> Avinash >>>>>> >>>>>> >>>>>> On Mon, Aug 17, 2009 at 8:04 PM, Chris >>>>>> Boczko<Christopher.Boczko@xxxxxxxxxxxxx> wrote: >>>>>>> >>>>>>> Ah, make a little more sense, but i'm afraid my only experience is >>>>>>> with windows as a active directory controller and samba linking to that, but >>>>>>> i can still take a look at your smb.conf if you would like >>>>>>> >>>>>>> Kind Regards, >>>>>>> Christopher Boczko >>>>>>> Server Support Analyst - IT Shared Services >>>>>>> HomeServe >>>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS >>>>>>> >>>>>>> DDI: 01482 677272 >>>>>>> Mob: 07967 059241 >>>>>>> >>>>>>> www.homeserve.com >>>>>>> www.chemdry.co.uk >>>>>>> >>>>>>> DDI: 01482 677272 >>>>>>> Mob: 07967 059241 >>>>>>> >>>>>>> www.homeserve.com >>>>>>> www.chemdry.co.uk >>>>>>> >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Avinash Rao [mailto:avinash.aol@xxxxxxxxx] >>>>>>> Sent: 17 August 2009 15:30 >>>>>>> To: Chris Boczko >>>>>>> Cc: squid-users@xxxxxxxxxxxxxxx >>>>>>> Subject: Re: Need help in integrating squid and samba >>>>>>> >>>>>>> Dear Christopher, >>>>>>> >>>>>>> Thank you for your reply. >>>>>>> >>>>>>> I am not using Active Directory, I am using a samba as a PDC (NT4) >>>>>>> and >>>>>>> its a simple configuration. All clients are WinXP and they login to >>>>>>> the domain and i just want to control their access to internet that >>>>>>> is >>>>>>> all. >>>>>>> >>>>>>> And there is no other Windows NT domain machine in my network, its >>>>>>> just this ubuntu server running squid and samba! >>>>>>> >>>>>>> If i am right? wbinfo -t will not work coz, i don't have a windows NT >>>>>>> domain machine and no trust exists. But, how do i control, restrict >>>>>>> or >>>>>>> allow internet access for samba domain users through squid? >>>>>>> >>>>>>> Many Thanks >>>>>>> Avinash >>>>>>> >>>>>>> >>>>>>> On Mon, Aug 17, 2009 at 7:50 PM, Chris >>>>>>> Boczko<Christopher.Boczko@xxxxxxxxxxxxx> wrote: >>>>>>>> >>>>>>>> Yes, >>>>>>>> >>>>>>>> If you are using active directory 2000/2003/2008, you'll need to >>>>>>>> configure krb5 first >>>>>>>> >>>>>>>> Please see http://ubuntuforums.org/showthread.php?t=91510 , but you >>>>>>>> only need to follow steps 1-3, then 7-9 >>>>>>>> >>>>>>>> Then run >>>>>>>> >>>>>>>> Wbinfo -t to check the trust and >>>>>>>> Wbinfo -g to list groups >>>>>>>> >>>>>>>> Kind Regards, >>>>>>>> Christopher Boczko >>>>>>>> Server Support Analyst - IT Shared Services >>>>>>>> HomeServe >>>>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS >>>>>>>> >>>>>>>> DDI: 01482 677272 >>>>>>>> Mob: 07967 059241 >>>>>>>> >>>>>>>> www.homeserve.com >>>>>>>> www.chemdry.co.uk >>>>>>>> >>>>>>>> DDI: 01482 677272 >>>>>>>> Mob: 07967 059241 >>>>>>>> >>>>>>>> www.homeserve.com >>>>>>>> www.chemdry.co.uk >>>>>>>> >>>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: Avinash Rao [mailto:avinash.aol@xxxxxxxxx] >>>>>>>> Sent: 17 August 2009 14:57 >>>>>>>> To: Chris Boczko >>>>>>>> Subject: Re: Need help in integrating squid and samba >>>>>>>> >>>>>>>> root@sunbox: net join -U user >>>>>>>> Password: >>>>>>>> Creation of workstation account failed >>>>>>>> Unable to join domain abc >>>>>>>> >>>>>>>> user@sunbox:/usr/lib/squid$ net join -U user1 >>>>>>>> [2009/08/17 19:24:05, 0] passdb/secrets.c:secrets_init(66) >>>>>>>> Failed to open /var/lib/samba/secrets.tdb >>>>>>>> [2009/08/17 19:24:05, 0] utils/net_rpc.c:rpc_oldjoin_internals(309) >>>>>>>> error storing domain sid for abc >>>>>>>> >>>>>>>> No, I haven't configured krb5. Do we need all this just to control >>>>>>>> internet access for samba domain users? >>>>>>>> >>>>>>>> Avinash >>>>>>>> >>>>>>>> >>>>>>>> On Mon, Aug 17, 2009 at 7:19 PM, Chris >>>>>>>> Boczko<Christopher.Boczko@xxxxxxxxxxxxx> wrote: >>>>>>>>> >>>>>>>>> Have you run net join on the squid server (from the command line), >>>>>>>>> and have you configured krb5? >>>>>>>>> >>>>>>>>> Does kinit (user)@(domain).(domain) work? >>>>>>>>> >>>>>>>>> Kind Regards, >>>>>>>>> Christopher Boczko >>>>>>>>> >>>>>>>>> >>>>>>>>> -----Original Message----- >>>>>>>>> From: Avinash Rao [mailto:avinash.aol@xxxxxxxxx] >>>>>>>>> Sent: 17 August 2009 14:47 >>>>>>>>> To: Chris Boczko >>>>>>>>> Subject: Re: Need help in integrating squid and samba >>>>>>>>> >>>>>>>>> Samba Version: >>>>>>>>> >>>>>>>>> dpkg -l | grep samba >>>>>>>>> ii samba 3.0.28a-1ubuntu4.8 a LanManager-like file and printer >>>>>>>>> server fo >>>>>>>>> ii samba-common 3.0.28a-1ubuntu4.8 Samba common files used by >>>>>>>>> both >>>>>>>>> the server a >>>>>>>>> >>>>>>>>> Ubuntu 8.04 Server 64-bit. >>>>>>>>> >>>>>>>>> Net Join? You mean from a windows client? I have only winXP clients >>>>>>>>> and they are all configured to login to the domain. >>>>>>>>> >>>>>>>>> Avinash >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Mon, Aug 17, 2009 at 7:07 PM, Chris >>>>>>>>> Boczko<Christopher.Boczko@xxxxxxxxxxxxx> wrote: >>>>>>>>>> >>>>>>>>>> Have you tried rejoining the domain using >>>>>>>>>> >>>>>>>>>> Net join ? >>>>>>>>>> >>>>>>>>>> Then testing the join with >>>>>>>>>> >>>>>>>>>> Wbinfo -t >>>>>>>>>> >>>>>>>>>> Also, which version of debian / samba / ad are you running? >>>>>>>>>> >>>>>>>>>> Kind Regards, >>>>>>>>>> Christopher Boczko >>>>>>>>>> >>>>>>>>>> -----Original Message----- >>>>>>>>>> From: Avinash Rao [mailto:avinash.aol@xxxxxxxxx] >>>>>>>>>> Sent: 17 August 2009 14:25 >>>>>>>>>> To: squid-users@xxxxxxxxxxxxxxx >>>>>>>>>> Subject: Fwd: Need help in integrating squid and >>>>>>>>>> samba >>>>>>>>>> >>>>>>>>>> Thanks for the quick response. >>>>>>>>>> And, yes i will install squid using apt-get install command. >>>>>>>>>> The basic winbindd functionality "wbinfo -t": is not successful >>>>>>>>>> >>>>>>>>>> wbinfo -t >>>>>>>>>> checking the trust secret via RPC calls failed >>>>>>>>>> error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233) >>>>>>>>>> Could not check secret >>>>>>>>>> >>>>>>>>>> Even, wbinfo -a mydomain\\myuser%mypasswd is unsuccessful >>>>>>>>>> >>>>>>>>>> Wondering how i should proceed without this? >>>>>>>>>> >>>>>>>>>> Avinash >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Mon, Aug 17, 2009 at 1:15 PM, Amos >>>>>>>>>> Jeffries<squid3@xxxxxxxxxxxxx> wrote: >>>>>>>>>>> >>>>>>>>>>> [re-inserting squid-users mailing list] >>>>>>>>>>> >>>>>>>>>>> Avinash Rao wrote: >>>>>>>>>>>> >>>>>>>>>>>> On Mon, Aug 17, 2009 at 11:30 AM, Amos Jeffries >>>>>>>>>>>> <squid3@xxxxxxxxxxxxx >>>>>>>>>>>> <mailto:squid3@xxxxxxxxxxxxx>> wrote: >>>>>>>>>>>> >>>>>>>>>>>> Avinash Rao wrote: >>>>>>>>>>>> >>>>>>>>>>>> Dear all, >>>>>>>>>>>> >>>>>>>>>>>> I am new here and i would like to know the correct >>>>>>>>>>>> procedure for >>>>>>>>>>>> compiling squid to integrate with samba. >>>>>>>>>>>> I am doing this on a Ubuntu 8.04 Server 64-bit edition and >>>>>>>>>>>> i >>>>>>>>>>>> have all >>>>>>>>>>>> the updates installed. Infact, i have installed samba >>>>>>>>>>>> through >>>>>>>>>>>> apt-get >>>>>>>>>>>> install and is configured as a PDC. >>>>>>>>>>>> >>>>>>>>>>>> dpkg -l | grep samba >>>>>>>>>>>> ii samba 3.0.28a-1ubuntu4.8 a LanManager-like file and >>>>>>>>>>>> printer server fo >>>>>>>>>>>> ii samba-common 3.0.28a-1ubuntu4.8 Samba common files >>>>>>>>>>>> used >>>>>>>>>>>> by both >>>>>>>>>>>> the server a >>>>>>>>>>>> >>>>>>>>>>>> I am in need of controlling internet access for samba >>>>>>>>>>>> domain users >>>>>>>>>>>> through squid. I read the documentation and it says Squid >>>>>>>>>>>> must be >>>>>>>>>>>> built with the configure options: >>>>>>>>>>>> >>>>>>>>>>>> --enable-auth="ntlm,basic" >>>>>>>>>>>> --enable-basic-auth-helpers=" >>>>>>>>>>>> winbind" >>>>>>>>>>>> --enable-ntlm-auth-helpers="winbind" >>>>>>>>>>>> >>>>>>>>>>>> According to the documentation, >>>>>>>>>>>> -------- >>>>>>>>>>>> Samba 3.x >>>>>>>>>>>> --------- >>>>>>>>>>>> Things are much easier under the 3.x versions of Samba. >>>>>>>>>>>> Smbd is no >>>>>>>>>>>> longer required to manage the machine's trust account, and >>>>>>>>>>>> there >>>>>>>>>>>> is >>>>>>>>>>>> no need to patch any utilities. >>>>>>>>>>>> The Samba team has incorporated functionality to change >>>>>>>>>>>> the machine >>>>>>>>>>>> trust account password in the new "net" command. A simple >>>>>>>>>>>> daily >>>>>>>>>>>> cron >>>>>>>>>>>> job scheduling "net rpc changetrustpw" is all that is >>>>>>>>>>>> needed. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> I went through the squid documentation and the configure >>>>>>>>>>>> options >>>>>>>>>>>> are >>>>>>>>>>>> vast. All i want is normal squid operations but with samba >>>>>>>>>>>> integration. Do I have to specify other options for normal >>>>>>>>>>>> squid >>>>>>>>>>>> operations?? What is the correct procedure and which >>>>>>>>>>>> version of >>>>>>>>>>>> squid >>>>>>>>>>>> suits well for the version of samba i am using? I have >>>>>>>>>>>> used >>>>>>>>>>>> squid but >>>>>>>>>>>> never compiled. My requirement with samba is PDC, winxp >>>>>>>>>>>> clients, >>>>>>>>>>>> users home directories are mapped as they login to the >>>>>>>>>>>> domain, a >>>>>>>>>>>> common share for all users and a printer if needed. >>>>>>>>>>>> >>>>>>>>>>>> Many Thanks, >>>>>>>>>>>> Avinash >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> This covers the NTLM auth via Samba requirements. >>>>>>>>>>>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm >>>>>>>>>>>> >>>>>>>>>>>> This covers the Active Directory (kerberos/negotiate auth) >>>>>>>>>>>> requirements: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Amos >>>>>>>>>>>> -- Please be using >>>>>>>>>>>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 >>>>>>>>>>>> Current Beta Squid 3.1.0.13 >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Amos, >>>>>>>>>>>> >>>>>>>>>>>> Thanks for the reply. >>>>>>>>>>>> >>>>>>>>>>>> I read the documentation, and it says, " >>>>>>>>>>>> >>>>>>>>>>>> As Samba-3.x has it's own authentication helper there is no need >>>>>>>>>>>> to build >>>>>>>>>>>> any of the Squid authentication helpers for use with Samba-3.x >>>>>>>>>>>> (and the >>>>>>>>>>>> helpers provided by Squid won't work if you do). You do however >>>>>>>>>>>> need to >>>>>>>>>>>> enable support for the NTLM scheme if you plan on using this. >>>>>>>>>>>> Also you may >>>>>>>>>>>> want to use the wbinfo_group helper for group lookups >>>>>>>>>>>> >>>>>>>>>>>> --enable-auth="ntlm,basic" >>>>>>>>>>>> --enable-external-acl-helpers="wbinfo_group" >>>>>>>>>>>> >>>>>>>>>>>> Does this mean that squid has to be compiled with the above >>>>>>>>>>>> options? I >>>>>>>>>>>> am sorry if this sounds very basic. Also, my requirement, i >>>>>>>>>>>> should be able >>>>>>>>>>>> to restrict few users samba users from accessing the internet >>>>>>>>>>>> through at >>>>>>>>>>>> certain times and not necessary authentication. Will the above >>>>>>>>>>>> options >>>>>>>>>>>> help. >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> Avinash >>>>>>>>>>>> >>>>>>>>>>> The Squid packages available for Ubuntu already have those >>>>>>>>>>> helpers built-in >>>>>>>>>>> and installed along with the package. All you need is the >>>>>>>>>>> configuration file >>>>>>>>>>> changes. >>>>>>>>>>> >>>>>>>>>>> If you are building your own Squid from raw source code, you may >>>>>>>>>>> need to add >>>>>>>>>>> them. >>>>>>>>>>> >>>>>>>>>>> For someone who does not know the very basics I would seriously >>>>>>>>>>> advise >>>>>>>>>>> staying with the pre-packaged versions of Squid until you know >>>>>>>>>>> what you are >>>>>>>>>>> doing. >>>>>>>>>>> --> apt-get install squid >>>>>>>>>>> >>>>>>>>>>> Then change the /etc/squid.conf file as needed. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Amos >>>>>>>>>>> -- >>>>>>>>>>> Please be using >>>>>>>>>>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 >>>>>>>>>>> Current Beta Squid 3.1.0.13 >>>>>>>>>>> > > > -- > Please be using > Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 > Current Beta Squid 3.1.0.13 >
