Running Fedora Core1
We are using samba-3.0.2-7.FC1 and squid-2.5.STABLE3-1.fc1 (custom build
with --enable-basic-auth-helpers="winbind")
Everything is working and the domain\username is listed in squid access log.
What I would like to do, that I had done with wb_auth on Samba 2.2.8, is
limit who can get out to the internet via NT global group membership.
What I had done in that previous install was:
external_acl_type NT_global_group ttl=300 %LOGIN
/usr/local/squid/libexec/wb_group -c
acl ProxyUsers external NT_global_group ProxyUsers
acl password proxy_auth REQUIRED
http_access allow password ProxyUsers
I just can't find what I am looking for to duplicate this kind of action
with ntlm_auth.
Currently in my Fedora squid config
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl password proxy_auth REQUIRED
http_access allow password ProxyUsers
Not sure how to get the external_acl_type to work with ntlm_auth. any help
appreciated.
Received on Thu May 13 2004 - 13:56:43 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT