Hi nick,
I don't have much experience with squid on the Windows platform, but I
recommend the following approach: you must try to separate
authenticators and group classifiers by topic. I think you must use
ntlm_auth with wbinfo_group or squid_ldap_auth with squid_ldap_group,
trying not to mix both. I hope this helps you.
nick w wrote:
> Hi,
>
> I have had a look through the threads and see that there are a few
> threads on this particular issue but dealing with Unix based squid
> servers and not Windows platforms. I am having a little trouble
> getting the squid_ldap_group helper working with NTLM_Auth and running
> on a W2K3 server. With the config below when you try to browse the net
> the browser just hangs trying to contact the website, no access denied
> message appears and I am assuming that the browser has not had a
> response back from squid. I have checked the cache.log file and I see
> entries in there saying that the request matched a denied acl rule and
> access is denied. If you are not in the AD group for denying inet
> access you get the same browser hang. Not sure what to do from here.
>
> auth_param ntlm program c:/proxy/libexec/win32_ntlm_auth.exe
> auth_param ntlm children 40
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> auth_param ntlm use_ntlm_negotiate on
>
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
>
> external_acl_type ldap_group %LOGIN
> C:\Proxy\libexec\squid_ldap_group.exe -b OU=xxx,DC=xxx,DC=xxx -f
> OU=xxx,DC=xxx,DC=xxx -F OU=xxx,DC=xxx,DC=xxx -h LDAP_server_name -p
> 389 -S
>
>
>
> acl inet_deny external ldap_group
> CN=No-Internet-Access,OU=xxx,DC=xxx,DC=xxx
>
>
>
> http_access deny inet_deny
>
>
>
> Any help would be greatly appreciated.
Received on Mon Jul 23 2007 - 23:52:56 MDT