RE: [squid-users] Can Winbind 3.x authenticators be stopped from asking for credentials?

From: Craig Box <Craig@dont-contact.us>
Date: Tue, 14 Jun 2005 11:31:55 +1200

> On another machine using Winbind 2.x I have a similar configuration
> with the old helpers, and it does fail the way I want. It was using
> 'external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group -c'
> however, instead of 'proxy_auth'. Can I make the browsers work how I
> want with the new method?

To answer my own question, in case anyone is concerned:

What I wanted to do was similar to what I had last time:

external_acl_type NT_global_group %LOGIN /usr/lib/squid/wbinfo_group.pl
acl FullUsers external NT_global_group "/etc/squid/fullusers"

Changing the order of the http_access lines to:

http_access allow localhost
http_access allow fullusers
http_access allow localnet allowedsites
http_access deny all

means all usernames are logged as appropriate.

This setup lets you do NTLM authentication without bothering users with
password dialogs (and obviously only works on browsers that support
NTLM) and therefore 'silently' deny users without the correct access.

Craig
Received on Mon Jun 13 2005 - 17:31:58 MDT
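
Added example, not part of the original post and not Squid's or Samba's own code: a sketch of the request/reply loop an external_acl_type helper with a %LOGIN format runs, where Squid writes the login and the group names taken from the acl line as space-separated, URL-escaped fields and reads back OK or ERR. The membership table is constructed sample data standing in for a Winbind lookup, and the names in_group, answer and serve are hypothetical.

```python
"""Sketch of a Squid external ACL group helper loop (%LOGIN format)."""
import sys
from urllib.parse import unquote

# Constructed sample data; a real helper would ask Winbind instead.
SAMPLE_MEMBERSHIP = {
    "EXAMPLE\\alice": {"Internet Full", "Staff"},
    "EXAMPLE\\bob": {"Staff"},
}


def in_group(user, group, membership=SAMPLE_MEMBERSHIP):
    """Case-insensitive membership test against the constructed table."""
    for name, groups in membership.items():
        if name.lower() == user.lower():
            return group.lower() in {g.lower() for g in groups}
    return False


def answer(line, lookup=in_group):
    """Return 'OK' or 'ERR' for one request line received from Squid."""
    fields = line.split()
    if len(fields) < 2:
        # No login or no group to test: fail closed.
        return "ERR"
    # Fields arrive URL-escaped, so a space in a group name is %20
    # and the backslash in DOMAIN\user is %5C.
    user, *groups = (unquote(f) for f in fields)
    # Membership of any one listed group is enough to match the ACL.
    return "OK" if any(lookup(user, g) for g in groups) else "ERR"


def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Answer one line per request until Squid closes the pipe."""
    for line in stdin:
        stdout.write(answer(line) + "\n")
        stdout.flush()  # Squid waits for each reply before continuing


if __name__ == "__main__":
    serve()
```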
