
Re: Need help in integrating squid and samba


Avinash Rao wrote:
---------- Forwarded message ----------
From: Avinash Rao <avinash.aol@xxxxxxxxx>
Date: Tue, Sep 8, 2009 at 11:13 AM
Subject: Re: Fwd:  Need help in integrating squid and samba
To: Amos Jeffries <squid3@xxxxxxxxxxxxx>
Cc: Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>, squid-users@xxxxxxxxxxxxxxx




On Tue, Sep 1, 2009 at 4:10 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
Avinash Rao wrote:
On 8/31/09, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
Avinash Rao wrote:

On Mon, Aug 24, 2009 at 1:00 AM, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
  Sun 2009-08-23 at 15:08 +0530, Avinash Rao wrote:
   > I couldn't find any document that shows me how to enable wb_info for squid.
   > Can anybody help me?

  external_acl_type NT_Group %LOGIN /usr/local/squid/libexec/wbinfo_group.pl

  acl group1 external NT_Group group1


  then use group1 whenever you want to match users belonging to that
  Windows group.

  Regards
  Henrik


Hi Henrik,

I have used the following in my squid.conf

external_acl_type NT_Group %LOGIN /usr/lib/squid/wbinfo_group.pl
acl group1 external NT_Group staff
acl net time M T W T F S S 9:00-18:00
http_access allow net

On my linux server, I have created a group called staff and made a couple
of users a member of this group called staff. My intention is to provide
access to users belonging to group staff on all days from morning 9am - 7PM.
The rest should be denied.
But this didn't work, when the Samba users login from a winxp client, it
doesn't get access to internet at all.

There is no http_access line making any use of ACL "group1"

And _everybody_ (me included on this side of the Internet) is allowed to use
your proxy between 9am and 6pm.


Amos

Thanks for the reply. Yes, I missed http_access allow group1.
I didn't understand your second statement; are you telling me that I
should deny access to net?

You should combine the ACL with others on an http_access line so that it's limited to who it allows.

This:
 acl net time M T W T F S S 9:00-18:00
 http_access allow net

simply says "all requests are allowed between time X and Y".
Without additional controls, i.e. on the IP address making the request, you end up with an open proxy.

Amos


Dear Amos,

I am still not able to get this working. Here's what I want to
accomplish. I have WinXP - SP2 clients logging onto the samba domain
and LTSP users. All users use squid proxy. My intention is to control
the samba users from accessing the internet at certain times.

If I don't use the external_acl_type NT_Group as mentioned below, the
squid works properly for all users, even windows and anybody using
squid proxy.

external_acl_type NT_Group %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
acl group1 external NT_Group group1

I have created a group called staff using the net rpc command and I
have made all the users using winxp a member of this group staff. So,
my acl will look like

external_acl_type NT_Group %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
acl acl_name external NT_Group staff
http_access allow staff

According to my understanding, it should allow only those samba users
which come under the group staff. But that's not happening, squid
denies access to the internet.

_when tested_ it should be doing that. Other rules around it have an effect that you may have overlooked.

Then again the group name is case-sensitive. The helper is OS access permission sensitive, and NTLM auth has difficulties all of its own.


I'll need to see the whole access config to know what's going on. And remind me what version of Squid this is.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
  Current Beta Squid 3.1.0.13
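
The point made in the thread about combining ACLs on one http_access line, as an added example that is not part of the original messages and is not Squid's own code: a simplified Python model of http_access evaluation (ACLs on a line are ANDed, the first matching line decides) comparing the time-only rule with one that also requires a source network and a group. The ACL names localnet, staff_grp and worktime, the 192.168.1.0/24 range, the sample request and the dictionary lookup standing in for wbinfo_group.pl are assumptions.

```python
import ipaddress
from datetime import datetime

DAYS = "MTWHFAS"  # Squid day letters in datetime.weekday() order (Monday = 0)
# The thread's time-only rule, with the time ACL in Squid's day-letter form.
OPEN = """
acl net time SMTWHFA 09:00-18:00
http_access allow net
"""
# Hypothetical corrected rules: source network AND group AND time on one line.
RESTRICTED = """
acl all src 0.0.0.0/0
acl localnet src 192.168.1.0/24
acl staff_grp external NT_Group staff
acl worktime time SMTWHFA 09:00-18:00
http_access allow localnet staff_grp worktime
http_access deny all
"""
# Constructed request: a client outside the LAN, Tuesday 10:00, no group.
OUTSIDER = {"ip": "203.0.113.7", "groups": [], "when": datetime(2009, 9, 8, 10, 0)}

def load(conf):
    acls, rules = {}, []
    for fields in (line.split() for line in conf.splitlines()):
        if fields[:1] == ["acl"]:
            acls[fields[1]] = (fields[2], fields[3:])
        elif fields[:1] == ["http_access"]:
            rules.append((fields[1], fields[2:]))
    return acls, rules

def match(acl, req):
    kind, args = acl
    if kind == "src":
        ip = ipaddress.ip_address(req["ip"])
        return any(ip in ipaddress.ip_network(net) for net in args)
    if kind == "time":
        start, end = args[1].split("-")
        now = req["when"].strftime("%H:%M")
        return DAYS[req["when"].weekday()] in args[0] and start <= now <= end
    if kind == "external":  # stands in for the wbinfo_group.pl group lookup
        return args[1] in req["groups"]  # exact, case-sensitive comparison
    return False

def decide(conf, req):
    acls, rules = load(conf)
    for action, names in rules:
        if all(match(acls[n], req) for n in names):  # ACLs on a line are ANDed
            return action  # the first matching line decides
    # No line matched: Squid applies the opposite of the last http_access line.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

Calling decide(OPEN, OUTSIDER) returns "allow", the open-proxy case described in the thread, while decide(RESTRICTED, OUTSIDER) returns "deny".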
