OK Guido thanks...
I don't use the windows authentificator because I had not understood how it
works. But now, I understand ;-)
I have printing the win32_auth.txt and the win32_check_group.txt and I
try...
I can't use the win32_auth program because squid do not run on the same
server like my AD.
So I try to use the win32_check_group, by I have a problem. :-(
In my squid.conf, I have this :
=========================================
# TAG: auth_param
auth_param basic program c:/squid/libexec/squid_ldap_auth.exe -R -b
"dc=domaine,dc=fr" -f "sAMAccountName=%s" -D
"cn=Administrateur,cn=Users,dc=domaine,dc=fr" -w "passAdmin" -h IP_server_AD
auth_param basic children 5
auth_param basic realm Authentification
auth_param basic credentialsttl 30 second
# TAG: external_acl_type
external_acl_type leweb ttl=300 %LOGIN
c:/squid/libexec/win32_check_group.exe -G
# TAG: refresh_pattern
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# TAG: acl
acl all src 0.0.0.0/0.0.0.0
acl GProxyUsers external leweb GProxyUsers
acl password proxy_auth REQUIRED
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# TAG: http_access
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow password GProxyUsers
# And finally deny all other access to this proxy
http_access deny all
=========================================
My global security group name's is leweb.
I add my name in the group leweb.
Now, on my IE, if I try my login and password, immediatly I have the ERROR
page's :
ERROR
The requested URL could not be retrieved
----------------------------------------------------------------------------
---- While trying to retrieve the URL: http://news.google.fr/nwshp? The following error was encountered: Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is webmaster. Could you help me ? Thanks Jérôme -----Message d'origine----- De : Guido Serassio [mailto:guido.serassio@acmeconsulting.it] Envoyé : mercredi 21 juin 2006 21:02 À : Jerome; 'Henrik Nordstrom' Cc : squid-users@squid-cache.org Objet : RE: [squid-users] Pb ldap with SquidNT Hi Jerome, At 18.06 21/06/2006, Jerome wrote: >Sorry, but I use the windows Authenticator ? >I create a local group security (not global) on my AD (win server 2003) >I add my name to the member of the group. >When I browse my AD with adsiedit.msc on my name I have : memberof : >CN=leweb,OU=USERS,DC=domaine,DC=fr >Next I try this command line : >win32_auth.exe -A leweb -O domaine, but I have a error : ERR User not >allowed to use this cache If I try win32_auth.exe -D leweb -O domaine, >I have OK ! Strange... >Could you help me ? >Thanks This correct: As you can read in win32_auth.txt, win32_auth.exe can check only for MACHINE LOCAL GROUPS. Yuo must use win32_check_group.exe for domains groups. Regards Guido - ======================================================== Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.serassio@acmeconsulting.it WWW: http://www.acmeconsulting.it/Received on Fri Jun 23 2006 - 09:39:15 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Jul 01 2006 - 12:00:02 MDT