Srinivasa Chary wrote:
> I am getting problem when doing group filtering using from windows 2003
> server. I am using squid-2.5.STABLE3 and samba-3.0.0
> i am able to authenticate all the users perfectly with out group
> varification, when i want to do group filtering it is not applying .
Can you be a little more specific on what happens when it doesn't work?
> Squid.conf:
> external_acl_type NT_global_group %LOGIN /etc/squid/wbinfo_group.pl
> acl AllowedNTUsers external NT_global_group "/etc/squid/allowedntgroups"
> acl LoggedInUsers proxy_auth REQUIRED
> http_access allow AllowedNTUsers
> http_access allow LoggedInUsers
> http_access deny !AllowedNTUsers
> http_access deny !LoggedInUsers
So you allow access to anyone in an allowed group, then allow access to
anyone who authenticates successfully. If this is what you want, then these
settings are fine (though the explicit "deny" lines are unneeded).
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny all
With the exception of the "deny all" rule, these rules should come before
your own http_access rules (the "deny all" line should come after).
> smb.conf
Since your authentication works, your Samba settings are fine.
> wbinfo_group.pl
Unless you changed the script (other than specifying the full path to
wbinfo), there's no need to post it.
Adam
Received on Sat Feb 12 2005 - 21:50:27 MST
This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST