Re: [squid-users] Need help in integrating squid and samba

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 17 Aug 2009 19:45:32 +1200

[re-inserting squid-users mailing list]

Avinash Rao wrote:
>
>
> On Mon, Aug 17, 2009 at 11:30 AM, Amos Jeffries <squid3_at_treenet.co.nz
> <mailto:squid3_at_treenet.co.nz>> wrote:
>
> Avinash Rao wrote:
>
> Dear all,
>
> I am new here and i would like to know the correct procedure for
> compiling squid to integrate with samba.
> I am doing this on a Ubuntu 8.04 Server 64-bit edition and i
> have all
> the updates installed. Infact, i have installed samba through
> apt-get
> install and is configured as a PDC.
>
> dpkg -l | grep samba
> ii samba 3.0.28a-1ubuntu4.8 a LanManager-like file and
> printer server fo
> ii samba-common 3.0.28a-1ubuntu4.8 Samba common files used
> by both
> the server a
>
> I am in need of controlling internet access for samba domain users
> through squid. I read the documentation and it says Squid must be
> built with the configure options:
>
> --enable-auth="ntlm,basic"
> --enable-basic-auth-helpers="
> winbind"
> --enable-ntlm-auth-helpers="winbind"
>
> According to the documentation,
> --------
> Samba 3.x
> ---------
> Things are much easier under the 3.x versions of Samba. Smbd is no
> longer required to manage the machine's trust account, and there is
> no need to patch any utilities.
> The Samba team has incorporated functionality to change the machine
> trust account password in the new "net" command. A simple daily
> cron
> job scheduling "net rpc changetrustpw" is all that is needed.
>
>
> I went through the squid documentation and the configure options are
> vast. All i want is normal squid operations but with samba
> integration. Do I have to specify other options for normal squid
> operations?? What is the correct procedure and which version of
> squid
> suits well for the version of samba i am using? I have used
> squid but
> never compiled. My requirement with samba is PDC, winxp clients,
> users home directories are mapped as they login to the domain, a
> common share for all users and a printer if needed.
>
> Many Thanks,
> Avinash
>
>
> This covers the NTLM auth via Samba requirements.
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm
>
> This covers the Active Directory (kerberos/negotiate auth) requirements:
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
>
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
> Current Beta Squid 3.1.0.13
>
>
>
>
> Amos,
>
> Thanks for the reply.
>
> I read the documentation, and it says, "
>
> As Samba-3.x has it's own authentication helper there is no need to
> build any of the Squid authentication helpers for use with Samba-3.x
> (and the helpers provided by Squid won't work if you do). You do however
> need to enable support for the NTLM scheme if you plan on using this.
> Also you may want to use the wbinfo_group helper for group lookups
>
> --enable-auth="ntlm,basic"
> --enable-external-acl-helpers="wbinfo_group"
>
> Does this mean that squid has to be compiled with the above options? I
> am sorry if this sounds very basic. Also, my requirement, i should be
> able to restrict few users samba users from accessing the internet
> through at certain times and not necessary authentication. Will the
> above options help.
>
> Thanks,
> Avinash
>

The Squid packages available for Ubuntu already have those helpers
built-in and installed along with the package. All you need is the
configuration file changes.

If you are building your own Squid from raw source code, you may need to
add them.

For someone who does not know the very basics I would seriously advise
staying with the pre-packaged versions of Squid until you know what you
are doing.
   --> apt-get install squid

Then change the /etc/squid.conf file as needed.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
   Current Beta Squid 3.1.0.13
Received on Mon Aug 17 2009 - 07:45:49 MDT

This archive was generated by hypermail 2.2.0 : Mon Aug 17 2009 - 12:00:03 MDT