Dear forum users.
I installed squid and samba on CentOS 6.6.
I need help with authentication between Squid and AD.
My squid.conf file is as below.
------------------------------------
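# General proxy settings: cache storage, outgoing address, error pages, logging, DNS.
cache_dir ufs /etc/squid/cache 2048 16 256
tcp_outgoing_address 192.168.23.241
error_directory /usr/share/squid/errors/en
memory_pools on
memory_pools_limit 2048 MB
visible_hostname appsrv1.matanata.net
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
dns_nameservers 8.8.4.4 8.8.8.8 192.168.22.10
hierarchy_stoplist cgi-bin ?
### Auth ntlm
# NTLM scheme, validated by Samba's ntlm_auth helper.
# NOTE(review): ntlm_auth depends on winbind, so this host must be joined to the
# domain and the account Squid runs as must be able to read Samba's
# winbindd_privileged directory - confirm both before debugging the ACLs.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm keep_alive on
### Auth basic
# Basic scheme, offered alongside NTLM and checked by the same helper.
# Basic credentials are only base64-encoded, not encrypted, so the domain
# password is readable on the wire between client and proxy.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
# A validated user/password pair is trusted for this long without asking the
# helper again, so a disabled or changed AD account can keep working until it expires.
auth_param basic credentialsttl 5 hours
auth_param basic casesensitive off
# The address was wrapped onto its own line in the post; a directive and its
# argument must be on one line.
cache_mgr aabdullayev@matanata.az
http_port 192.168.23.241:3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
########
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour
### For AD Groups
# External ACL helper that checks AD group membership. %LOGIN passes the
# authenticated user name, so every ACL built on nt_group forces proxy authentication.
# NOTE(review): the helper path is as posted - confirm the script exists there
# and is executable by the account Squid runs as.
external_acl_type nt_group %LOGIN /usr/lib/squid/wbinfo_group.pl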
#!
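# NOTE(review): "manager" and "localhost" are commented out here but are still
# referenced by the http_access rules further down. Whether Squid predefines
# them depends on the installed version - confirm, otherwise those rules
# refer to undefined ACLs.
#acl manager proto cache_object
#acl localhost src 127.0.0.1/32
# Port allow-lists used by the port guard rules.
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 8080 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Hosts identified by source address only.
acl hznsrvva1 src 192.168.67.61
acl wmvareupdmanager src 192.168.67.18
# AD groups, resolved through the nt_group external ACL helper (requires a login).
acl x_internet_users_1 external nt_group internet_users_1
acl x_internet_users_2 external nt_group internet_users_2
acl x_internet_users_3 external nt_group internet_users_3
acl x_internet_users_4 external nt_group internet_users_4
###>!!!<###
##STATIC ACL##
# A src ACL trusts whatever machine currently holds the address; it does not
# identify a user.
#acl lan src 192.168.1.0/24
#acl lan1 src 192.168.23.0/24
acl emin-desk src 192.168.1.145
acl ict2-pc src 192.168.1.212
acl ict1-pc src 192.168.1.111
acl fr3-pc src 192.168.1.176
acl fr2-pc src 192.168.1.174
acl elxan-vaio src 192.168.1.186
acl zyxel-wi-fi-ap src 192.168.1.249
acl rufat-think1 src 192.168.1.180
acl rufat-think2 src 192.168.1.159
acl fuad-bashirov src 192.168.1.75
acl rufat-android src 192.168.1.200
acl rufat-tpt2-1 src 192.168.1.167
acl rufat-tpt2-2 src 192.168.1.158
##/-STATIC ACL-/##
# URLs that address a server by raw IPv4 address. The patterns were wrapped onto
# separate lines in the post; each acl line needs its pattern on the same line.
# NOTE(review): for HTTPS the proxy normally sees only a CONNECT to host:port,
# so the https:// pattern presumably never matches tunnelled traffic - verify.
acl ip url_regex http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[:/]
acl ip url_regex https://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[:/]
acl ip_ftp url_regex ftp://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[:/]
acl activate_adobe dstdomain activate.adobe.com
# File-type block list. The patterns are anchored to the end of the URL, so a
# download URL that carries a query string after the file name is not matched.
acl download url_regex -i \.mpe$ \.psd$ \.qt$ \.mp4$ \.3gp$ \.avi$ \.flv$ \.flac$ \.iso$ \.raw$ \.mov$ \.vqf$ \.tar$ \.gz$ \.rpm$ \.mp3$ \.asx$ \.wma$ \.wmv$ \.avi$ \.rar$ \.mpeg$ \.mpg$ \.qt$ \.ram$ \.rm$ \.iso$ \.wav$ \.zip$ \.exe$
acl dropbox_download dstdomain .dropboxusercontent.com
# Category lists loaded from files; the files must exist and be readable by
# Squid when the configuration is parsed.
acl porn dstdomain "/etc/squid/acl/squid-porn.acl"
acl torrent url_regex -i "/etc/squid/acl/squid-torrent.acl"
acl proxy dstdomain "/etc/squid/acl/squid-proxies.acl"
acl ads url_regex -i "/etc/squid/acl/squid-ads.acl"
#acl mail dstdom_regex "/etc/squid/acl/mail/domains"
acl mail dstdomain "/etc/squid/acl/mail/domains"
acl malicious dstdomain "/etc/squid/acl/squid-malicious.acl"
acl social dstdomain "/etc/squid/acl/social/domains"
acl externald url_regex -i "/etc/squid/acl/external/domains"
acl externalu url_regex -i "/etc/squid/acl/external/urls"
acl QUERY urlpath_regex cgi-bin \?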
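# http_access rules are evaluated top to bottom and the first match decides.
# NOTE(review): "manager" and "localhost" have no acl line in this file (both are
# commented out); confirm the installed Squid version predefines them.
http_access allow manager localhost
http_access deny manager
# Port guards moved up from the end of the list: placed after the allow rules
# they never applied to the hosts and groups allowed above them, which could
# then CONNECT to any port through the proxy.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny activate_adobe
# Hosts allowed by source address alone: no login and no content filtering,
# including the "malicious" list.
# NOTE(review): confirm that is intended for every entry.
http_access allow hznsrvva1
#http_access allow lan
#http_access allow lan1
http_access allow wmvareupdmanager
http_access allow emin-desk
http_access allow ict2-pc
http_access allow ict1-pc
http_access allow fr3-pc
http_access allow fr2-pc
http_access allow elxan-vaio
http_access allow zyxel-wi-fi-ap
http_access allow rufat-think1
http_access allow rufat-think2
http_access allow fuad-bashirov
http_access allow rufat-android
http_access allow rufat-tpt2-1
http_access allow rufat-tpt2-2
###LEVEL 1###
# Authenticated members of internet_users_1: unfiltered.
http_access allow x_internet_users_1
###LEVEL 1###
#deny_info ERR_ACCESS_DENIED
#deny_info ERR_ACCESS_DENIED proxy
###LEVEL 2###
# The group ACL is last on each line so the cheap list checks run first and the
# login / group lookup only happens for requests that passed them.
http_access allow !mail !ads !dropbox_download !proxy !download !torrent !porn !malicious !externald !externalu x_internet_users_2
###//LEVEL 2###
# The disabled deny_info lines below were wrapped in the post, which left their
# URLs as active lines; each is rejoined so the whole directive stays commented out.
#deny_info http://192.168.23.6/1x1-pixel.png ads
#deny_info http://192.168.23.6/1x1-pixel.png proxy
#deny_info http://192.168.23.6/logo.jpg social
#http_access deny proxy x_internet_users_3
###LEVEL 3###
http_access allow !social !malicious !ads !torrent !porn !proxy !externald !externalu !ip !ip_ftp !mail x_internet_users_3
###//LEVEL 3###
#deny_info http://192.168.23.6/1x1-pixel.png x_internet_users_3
###LEVEL 4###
http_access allow !dropbox_download !ads !malicious !torrent !download !porn !proxy !externald !externalu !ip !ip_ftp !mail !social x_internet_users_4
###//LEVEL 4###
no_cache deny QUERY
# Default deny for everything not allowed above.
http_access deny all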
_______________________________________________________
Where is the mistake?