Hello All,
I must be missing something obvious, cause I've been trying to find an explaination or a chunk of squid.conf that will help me with this issue FOR AGES!!.
Anyway here what's going on. I have a Squid server running on Fedora Core1 on my network. The server is using winbind
I'm trying to authenticate members of groups in my Windows 2000 Active Directory. Basically if you're not a member of these particular group you don't have Internet Access. I've gotten it to work with individual users, but it just can't work with AD Groups:
This is what I have now, I've commented out the parts pertaining to the Groups as you can see. (You can also see the last syntax I tried using the @) I switch between the two while testing. Just in case anyone comes back to tell me to remove the comments!
Relevent parts of Squid.conf
Code:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 20 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
....
# acl AuthorisedUsers proxy_auth REQUIRED
acl squidusers proxy_auth MYDOMAIN\USER1 mydomain\user1
# acl squidusers proxy_auth @"MYDOMAIN\WWW-ACCESS"
....
# http_access allow AuthorisedUsers
http_access allow squidusers
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny all
If I run wbinfo -g I am able to view all the groups in AD. The AuthorisedUsers acl is there from a previous test. What am I missing??? Could it have something to do with case-sensitivity???
K.
