Hey all
Okay iv get squid v2.5 Stable 6 and Samba 3 set up on a mandrake 10.1 machine. Its set up and joined to a windows 2000 domain. I can get a list of users and groups using wbinfo and wbinfo -t is successful. I'm using the wbinfo_group.pl script to check a group to see if users are allowed internet access. In my squid.conf I have :
external_acl_type nt_group %LOGIN /usr/lib/squid/wbinfo_group.pl
acl unrestricted external nt_group PROXY
http_access allow unrestricted openwhitelist
(openwhitelist is just a list of .com .co.uk and so on to give users full internet access)
When I run the script manually to check that it works I enter a user that I know is the in the group PROXY and it is successful ie User1 PROXY. The problem is when a request is made by a browser for access is sends its username in the form of a full windows domain name such as Domain\User and which winbind doesn't seem to like. I thought it may be what I have my "winbind separator" value set to in my smb.conf file so I changed it to \ but still when I look in the winbind logs in /var/log/samba/log.winbindd it says user does not exist.
I experimented with the wbinfo_group.pl script and found that if I enter "username group" it will work but if I enter "domain\username domain\group" it wont work as it seems to remove the \.Only of if I enter "Domain\\User Domain\\Group" and let it strip one of the \ will it work. Is this the way the browser should send it to squid? I changed the winbind separator value in the smb.conf to other things such as / or + or @ and then ran the script using the different separators and each one worked. For example if I enter "domain+user domain+group" it will return OK. Similarly if I use pretty much any other symbol but the ' \ ' which the browser seems to send (IE6 SP1).
Can anyone see where I am going wrong. Is there a way to make the script understand the standard windows full domain name of Domain\User or have I just configured something wrong somewhere? I believe I have the squid.conf configuration right just a case of getting wbinfo_group.pl to work right
Many Thanks
James Sweet
_____________________________________________________________________
This transmission and any attachments are confidential and are intended solely for the named addressee (s). If you are not the addressee, please do not read, copy, use or disclose this transmission and please notify us immediately by telephone on
+44 (0) 1670 594848 or by reply. Please then delete this transmission from your system.
Although we have taken steps to ensure that this email and attachments are free from viruses, we advise that in keeping with good computing practice the recipient must ensure that they in fact are virus free.
No contracts may be concluded on behalf of Fone Logistics LTD by means of email communications.
Received on Fri Jul 15 2005 - 09:48:28 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT