So....i solved erase all squid.conf and create again with this lines. acl AuthorizedUsers proxy_auth REQUIRED external_acl_type nt_group %LOGIN /usr/lib/squid/wbinfo_group.pl acl dpto external nt_group finance http_access allow dpto http_access allow AuthorizedUsers So....Amos Jeffries was right...thanks for help e sorry for my innattention tnks again...... --kalz--- > > > -------- Mensagem original -------- > Assunto: Re: External_acl_type Problem > Data: Sat, 22 Jan 2011 03:07:56 > +1300 De: Amos Jeffries > Para: squid-users@xxxxxxxxxxxxxxx > > On 22/01/11 01:38, Kalil Costa - Brasilsite wrote: > Hi all, > > > I > have a problem with not working external_acl_type > > Integrated the > AD 2003 using squid with ntlm, samba, winbind, works fine. > Logs in > access.log ok, user navigates normal, but when i configure > > squid.conf using external_acl_type nothings happens. > Your problems > in not related to external_acl_type. The order of your directives > does not match what you are wanting to happen. > > My settings > squid.conf > > ----- > > http_port 3128 > > cache_mem 12 MB > > maximum_object_size_in_memory 64 KB > maximum_object_size 512 MB > > minimum_object_size 0 KB > cache_swap_low 90 > cache_swap_high 95 > > cache_dir ufs /var/spool/squid 2048 16 256 > cache_access_log > /var/log/squid/access.log > refresh_pattern ^ftp: 15 20% 2280 > > refresh_pattern ^gopher: 15 0% 2280 Add: refresh_pattern -i > (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 15 20% 2280 > > > hierarchy_stoplist cgi-bin ? > acl QUERY urlpath_regex cgi-bin \? > > no_cache deny QUERY If you have a Squid newer than 2.6 remove the > above three lines. > > auth_param ntlm program /usr/bin/ntlm_auth > > --helper-protocol=squid-2.5-ntlmssp > auth_param ntlm children 30 > > > auth_param basic program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-basic > auth_param basic children 5 > > auth_param basic realm Squid proxy-caching web server > auth_param > basic credentialsttl 2 hours > > > > #debug_options ALL,1 82,9 84,9 > > > #acl all src 0.0.0.0/24 > > > acl AuthorizedUsers proxy_auth > REQUIRED > http_access allow AuthorizedUsers At this point anyone > who can login is allowed immediately. > > external_acl_type nt_group > %LOGIN /usr/lib/squid/wbinfo_group.pl > > acl dpto external nt_group > finance > http_access deny dpto > This group restriction needs to be > above "allow AuthorizedUsers" to work. When two criteria overlap, > the most specific needs to be tested first. In this case the details > user+password+group is more specific than just user+password. Amos > -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.10 > Beta testers wanted for 3.2.0.4
