Understood and it worked.. You have been of great help.
Here's what i want to achieve from this..
I have about 40 samba users logging into the samba domain using winxp.
The squid and samba runs on the same server. This setup is for an NGO
- Educational Institute
and the students really misuse the internet. So, i want to give them
access only when required and without authentication. Say for example,
every wednesday from 10:00-12:00PM and everyday 6:00-8:00PM. So, when
users from WINXP login to the domain, the internet should work only
the timings mentioned above but without authentication..
I am trying out different options. .. i hope i figure this out.
Thanks
Avinash
On Tue, Aug 18, 2009 at 8:48 PM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
> Avinash Rao wrote:
>>
>> /etc/init.d/squid restart
>> * Restarting Squid HTTP proxy squid
>> 2009/08/18 14:04:15| Invalid Proxy Auth ACL 'acl
>> AuthorizedUsers proxy_auth REQUIRED' because no authentication schemes
>> are fully configured.
>> FATAL: Bungled squid.conf line 39: acl AuthorizedUsers proxy_auth REQUIRED
>> Squid Cache (Version 2.6.STABLE18): Terminated abnormally.
>>
>> [fail]
>>
>
> Order for most things is VERY VERY important in squid.conf
>
> You are trying to tell squid what to do with authentication (ACL) before it
> has reached the section which turns authentication on (auth_param).
>
> Amos
>
>> squid.conf
>>
>> root_at_sunbox:/var/log/squid# more /etc/squid/squid.conf
>> visible_hostname sunbox
>> hierarchy_stoplist cgi-bin ?
>> acl QUERY urlpath_regex cgi-bin \?
>> no_cache deny QUERY
>> hosts_file /etc/hosts
>> http_port 100.100.100.50:3128
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern . 0 20% 4320
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl to_localhost dst 127.0.0.0/8
>> acl SSL_ports port 443 563
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 563 # https, snews
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 631 # cups
>> acl Safe_ports port 777 # multiling http
>> acl Safe_ports port 901 # SWAT
>> acl Safe_ports port 993 # IMAP
>> acl Safe_ports port 587 # SMTP
>> acl Safe_ports port 22 # SSH
>> acl purge method PURGE
>> acl special_urls url_regex "/etc/squid/squid-noblock.acl"
>> acl extndeny url_regex -i "/etc/squid/blocks.files.acl"
>> acl malware_block_list url_regex -i "/etc/squid/malware_block_list.txt"
>> acl badurl url_regex -i teen orkut youtube sex mp3 mp4 exe
>> acl lan src 192.168.1.0 100.100.100.0/24
>> acl stud ident_regex babu
>> acl download method GET
>> acl CONNECT method CONNECT
>> acl AuthorizedUsers proxy_auth REQUIRED
>> cache_mem 100 MB
>> #redirect_program /usr/bin/squidGuard –c /etc/squid/squidGuard.conf
>> ident_lookup_access allow all
>> http_access deny all
>> http_access allow manager localhost
>> http_access deny manager
>> http_access allow purge localhost
>> http_access allow special_urls
>> http_access deny extndeny download
>> http_access deny extndeny
>> http_access deny purge
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access deny badurl
>> http_access deny malware_block_list
>> deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list
>> http_access allow localhost
>> http_access allow lan
>> http_reply_access allow all
>> http_access allow AuthorizedUsers
>> http_access deny all
>> icp_access allow all
>> coredump_dir /var/spool/squid
>>
>>
>> auth_param ntlm program /usr/bin/ntlm_auth
>> --helper-protocol=squid-2.5-ntlmssp
>> auth_param ntlm children 30
>> auth_param ntlm max_challenge_reuses 0
>> auth_param ntlm max_challenge_lifetime 2 minutes
>> # ntlm_auth from Samba 3 supports NTLM NEGOTIATE packet
>> auth_param ntlm use_ntlm_negotiate on
>>
>> # warning: basic authentication sends passwords plaintext
>> # a network sniffer can and will discover passwords
>> auth_param basic program /usr/bin/ntlm_auth
>> --helper-protocol=squid-2.5-basic
>> auth_param basic children 5
>> auth_param basic realm Squid proxy-caching web server
>> auth_param basic credentialsttl 2 hours
>>
>>
>> Thanks
>> Avinash
>>
>>
>> On Tue, Aug 18, 2009 at 12:33 PM, Chris
>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>
>>> checking the trust secret via RPC calls succeeded means the secret is
>>> good, they changed the wording a while back, glad you're working
>>>
>>> chris
>>>
>>> Kind Regards,
>>> Christopher Boczko
>>> Server Support Analyst - IT Shared Services
>>> HomeServe
>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>
>>> DDI: 01482 677272
>>> Mob: 07967 059241
>>>
>>> www.homeserve.com
>>> www.chemdry.co.uk
>>>
>>> DDI: 01482 677272
>>> Mob: 07967 059241
>>>
>>> www.homeserve.com
>>> www.chemdry.co.uk
>>>
>>>
>>> -----Original Message-----
>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>> Sent: 17 August 2009 16:38
>>> To: Chris Boczko
>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>
>>> Chris,
>>>
>>> Please don't get bugged, wbinfo -g is working now ..
>>> wbinfo -g
>>> BUILTIN\administrators
>>> BUILTIN\users
>>>
>>> and even wbinfo -t
>>>
>>> wbinfo -t
>>> checking the trust secret via RPC calls succeeded
>>>
>>> but it didn't give the out "the secret is good" . I have no idea how
>>> this is working all of a sudden, it didn't work a little while ago!
>>>
>>> Regards,
>>> Avinash
>>>
>>>
>>>
>>> On Mon, Aug 17, 2009 at 8:58 PM, Avinash Rao<avinash.aol_at_gmail.com>
>>> wrote:
>>>>
>>>> Yes, Squid and Samba(PDC) are running on the same server.
>>>>
>>>> wbinfo -g won't work as i have not created any of the NT Domain Groups
>>>> is that necessary? Coz, i have a very simple samba configuration.
>>>>
>>>> I went through the link and made changes to nsswitch conf.
>>>>
>>>> wbinfo -set-auth-user=Administrator%'password'
>>>> Could not lookup sid Administrator%password
>>>>
>>>> But, I could join the domain, i just entered net join and entered the
>>>> current users password and it said joined the domain!
>>>> wbinfo -u
>>>> Error looking up domain users
>>>>
>>>> Thanks again
>>>> Avinash
>>>>
>>>>
>>>>
>>>> On Mon, Aug 17, 2009 at 8:29 PM, Chris
>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>
>>>>> Right ok,
>>>>>
>>>>> So squid is running samba (as a pdc) and squid as a cache?
>>>>>
>>>>> Can you try running wbinfo -g, and if that doesn't work, try running
>>>>> wbinfo --set-auth-user=Administrator%'YourPassword' (see:
>>>>> http://www.debian-administration.org/article/Question_Winbind_on_samba_PDC),
>>>>> the run wbinfo -g again
>>>>>
>>>>> Kind Regards,
>>>>> Christopher Boczko
>>>>> Server Support Analyst - IT Shared Services
>>>>> HomeServe
>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>
>>>>> DDI: 01482 677272
>>>>> Mob: 07967 059241
>>>>>
>>>>> www.homeserve.com
>>>>> www.chemdry.co.uk
>>>>>
>>>>> DDI: 01482 677272
>>>>> Mob: 07967 059241
>>>>>
>>>>> www.homeserve.com
>>>>> www.chemdry.co.uk
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>> Sent: 17 August 2009 15:56
>>>>> To: Chris Boczko
>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>
>>>>> Yes its on the squid server and its a PDC and the passwd backend is
>>>>> tdbsam
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Aug 17, 2009 at 8:22 PM, Chris
>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>>
>>>>>> This is on the squid server?
>>>>>>
>>>>>> Its trying to be a pdc
>>>>>>
>>>>>>
>>>>>> domain logons = yes
>>>>>> os level = 65
>>>>>> prefered master = yes
>>>>>> domain master = yes
>>>>>> local master = yes
>>>>>>
>>>>>> Kind Regards,
>>>>>> Christopher Boczko
>>>>>> Server Support Analyst - IT Shared Services
>>>>>> HomeServe
>>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>>
>>>>>> DDI: 01482 677272
>>>>>> Mob: 07967 059241
>>>>>>
>>>>>> www.homeserve.com
>>>>>> www.chemdry.co.uk
>>>>>>
>>>>>> DDI: 01482 677272
>>>>>> Mob: 07967 059241
>>>>>>
>>>>>> www.homeserve.com
>>>>>> www.chemdry.co.uk
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>> Sent: 17 August 2009 15:51
>>>>>> To: Chris Boczko
>>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>>
>>>>>> smb.conf
>>>>>>
>>>>>> [global]
>>>>>> workgroup = abc
>>>>>> server string = Samba on SUN
>>>>>> max log size = 500
>>>>>> log level = 1
>>>>>> interfaces = eth2 100.100.100.251
>>>>>> bind interfaces only = True
>>>>>>
>>>>>> log file = /var/log/samba/log.%m
>>>>>> max log size = 1000
>>>>>>
>>>>>> domain logons = yes
>>>>>> os level = 65
>>>>>> prefered master = yes
>>>>>> domain master = yes
>>>>>> local master = yes
>>>>>>
>>>>>> winbind uid = 10000-20000
>>>>>> winbind gid = 10000-20000
>>>>>> winbind use default domain = yes
>>>>>>
>>>>>> add machine script = /usr/sbin/useradd -s /bin/false -d /home/nobody
>>>>>> %u
>>>>>> dns proxy =No
>>>>>> hosts allow = 127. 100.100.100.
>>>>>> wins support = Yes
>>>>>> passdb backend = smbpasswd
>>>>>>
>>>>>> encrypt passwords = true
>>>>>> smb passwd file = /etc/samba/smbpasswd
>>>>>> security = user
>>>>>> netbios name = sunbox
>>>>>> username map = /etc/samba/smbusers
>>>>>>
>>>>>> [homes]
>>>>>> comment = Home Dir
>>>>>> read only = NO
>>>>>> browseable = NO
>>>>>> valid users = %S
>>>>>> path = %H
>>>>>> directory mask = 0700
>>>>>> create mask = 0700
>>>>>>
>>>>>>
>>>>>> [share]
>>>>>> comment = test share
>>>>>> path = /sambashare
>>>>>> valid users = nimda
>>>>>> create mask = 0765
>>>>>>
>>>>>>
>>>>>> Cheers
>>>>>> Avinash
>>>>>>
>>>>>>
>>>>>> On Mon, Aug 17, 2009 at 8:04 PM, Chris
>>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>>>
>>>>>>> Ah, make a little more sense, but i'm afraid my only experience is
>>>>>>> with windows as a active directory controller and samba linking to that, but
>>>>>>> i can still take a look at your smb.conf if you would like
>>>>>>>
>>>>>>> Kind Regards,
>>>>>>> Christopher Boczko
>>>>>>> Server Support Analyst - IT Shared Services
>>>>>>> HomeServe
>>>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>>>
>>>>>>> DDI: 01482 677272
>>>>>>> Mob: 07967 059241
>>>>>>>
>>>>>>> www.homeserve.com
>>>>>>> www.chemdry.co.uk
>>>>>>>
>>>>>>> DDI: 01482 677272
>>>>>>> Mob: 07967 059241
>>>>>>>
>>>>>>> www.homeserve.com
>>>>>>> www.chemdry.co.uk
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>>> Sent: 17 August 2009 15:30
>>>>>>> To: Chris Boczko
>>>>>>> Cc: squid-users_at_squid-cache.org
>>>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>>>
>>>>>>> Dear Christopher,
>>>>>>>
>>>>>>> Thank you for your reply.
>>>>>>>
>>>>>>> I am not using Active Directory, I am using a samba as a PDC (NT4)
>>>>>>> and
>>>>>>> its a simple configuration. All clients are WinXP and they login to
>>>>>>> the domain and i just want to control their access to internet that
>>>>>>> is
>>>>>>> all.
>>>>>>>
>>>>>>> And there is no other Windows NT domain machine in my network, its
>>>>>>> just this ubuntu server running squid and samba!
>>>>>>>
>>>>>>> If i am right? wbinfo -t will not work coz, i don't have a windows NT
>>>>>>> domain machine and no trust exists. But, how do i control, restrict
>>>>>>> or
>>>>>>> allow internet access for samba domain users through squid?
>>>>>>>
>>>>>>> Many Thanks
>>>>>>> Avinash
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Aug 17, 2009 at 7:50 PM, Chris
>>>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>>>>
>>>>>>>> Yes,
>>>>>>>>
>>>>>>>> If you are using active directory 2000/2003/2008, you'll need to
>>>>>>>> configure krb5 first
>>>>>>>>
>>>>>>>> Please see http://ubuntuforums.org/showthread.php?t=91510 , but you
>>>>>>>> only need to follow steps 1-3, then 7-9
>>>>>>>>
>>>>>>>> Then run
>>>>>>>>
>>>>>>>> Wbinfo -t to check the trust and
>>>>>>>> Wbinfo -g to list groups
>>>>>>>>
>>>>>>>> Kind Regards,
>>>>>>>> Christopher Boczko
>>>>>>>> Server Support Analyst - IT Shared Services
>>>>>>>> HomeServe
>>>>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>>>>
>>>>>>>> DDI: 01482 677272
>>>>>>>> Mob: 07967 059241
>>>>>>>>
>>>>>>>> www.homeserve.com
>>>>>>>> www.chemdry.co.uk
>>>>>>>>
>>>>>>>> DDI: 01482 677272
>>>>>>>> Mob: 07967 059241
>>>>>>>>
>>>>>>>> www.homeserve.com
>>>>>>>> www.chemdry.co.uk
>>>>>>>>
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>>>> Sent: 17 August 2009 14:57
>>>>>>>> To: Chris Boczko
>>>>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>>>>
>>>>>>>> root_at_sunbox: net join -U user
>>>>>>>> Password:
>>>>>>>> Creation of workstation account failed
>>>>>>>> Unable to join domain abc
>>>>>>>>
>>>>>>>> user_at_sunbox:/usr/lib/squid$ net join -U user1
>>>>>>>> [2009/08/17 19:24:05, 0] passdb/secrets.c:secrets_init(66)
>>>>>>>> Failed to open /var/lib/samba/secrets.tdb
>>>>>>>> [2009/08/17 19:24:05, 0] utils/net_rpc.c:rpc_oldjoin_internals(309)
>>>>>>>> error storing domain sid for abc
>>>>>>>>
>>>>>>>> No, I haven't configured krb5. Do we need all this just to control
>>>>>>>> internet access for samba domain users?
>>>>>>>>
>>>>>>>> Avinash
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Aug 17, 2009 at 7:19 PM, Chris
>>>>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>>>>>
>>>>>>>>> Have you run net join on the squid server (from the command line),
>>>>>>>>> and have you configured krb5?
>>>>>>>>>
>>>>>>>>> Does kinit (user)@(domain).(domain) work?
>>>>>>>>>
>>>>>>>>> Kind Regards,
>>>>>>>>> Christopher Boczko
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>>>>> Sent: 17 August 2009 14:47
>>>>>>>>> To: Chris Boczko
>>>>>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>>>>>
>>>>>>>>> Samba Version:
>>>>>>>>>
>>>>>>>>> dpkg -l | grep samba
>>>>>>>>> ii samba 3.0.28a-1ubuntu4.8 a LanManager-like file and printer
>>>>>>>>> server fo
>>>>>>>>> ii samba-common 3.0.28a-1ubuntu4.8 Samba common files used by
>>>>>>>>> both
>>>>>>>>> the server a
>>>>>>>>>
>>>>>>>>> Ubuntu 8.04 Server 64-bit.
>>>>>>>>>
>>>>>>>>> Net Join? You mean from a windows client? I have only winXP clients
>>>>>>>>> and they are all configured to login to the domain.
>>>>>>>>>
>>>>>>>>> Avinash
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Aug 17, 2009 at 7:07 PM, Chris
>>>>>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>>>>>>
>>>>>>>>>> Have you tried rejoining the domain using
>>>>>>>>>>
>>>>>>>>>> Net join ?
>>>>>>>>>>
>>>>>>>>>> Then testing the join with
>>>>>>>>>>
>>>>>>>>>> Wbinfo -t
>>>>>>>>>>
>>>>>>>>>> Also, which version of debian / samba / ad are you running?
>>>>>>>>>>
>>>>>>>>>> Kind Regards,
>>>>>>>>>> Christopher Boczko
>>>>>>>>>>
>>>>>>>>>> -----Original Message-----
>>>>>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>>>>>> Sent: 17 August 2009 14:25
>>>>>>>>>> To: squid-users_at_squid-cache.org
>>>>>>>>>> Subject: Fwd: [squid-users] Need help in integrating squid and
>>>>>>>>>> samba
>>>>>>>>>>
>>>>>>>>>> Thanks for the quick response.
>>>>>>>>>> And, yes i will install squid using apt-get install command.
>>>>>>>>>> The basic winbindd functionality "wbinfo -t": is not successful
>>>>>>>>>>
>>>>>>>>>> wbinfo -t
>>>>>>>>>> checking the trust secret via RPC calls failed
>>>>>>>>>> error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
>>>>>>>>>> Could not check secret
>>>>>>>>>>
>>>>>>>>>> Even, wbinfo -a mydomain\\myuser%mypasswd is unsuccessful
>>>>>>>>>>
>>>>>>>>>> Wondering how i should proceed without this?
>>>>>>>>>>
>>>>>>>>>> Avinash
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Mon, Aug 17, 2009 at 1:15 PM, Amos
>>>>>>>>>> Jeffries<squid3_at_treenet.co.nz> wrote:
>>>>>>>>>>>
>>>>>>>>>>> [re-inserting squid-users mailing list]
>>>>>>>>>>>
>>>>>>>>>>> Avinash Rao wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> On Mon, Aug 17, 2009 at 11:30 AM, Amos Jeffries
>>>>>>>>>>>> <squid3_at_treenet.co.nz
>>>>>>>>>>>> <mailto:squid3_at_treenet.co.nz>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Avinash Rao wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Dear all,
>>>>>>>>>>>>
>>>>>>>>>>>> I am new here and i would like to know the correct
>>>>>>>>>>>> procedure for
>>>>>>>>>>>> compiling squid to integrate with samba.
>>>>>>>>>>>> I am doing this on a Ubuntu 8.04 Server 64-bit edition and
>>>>>>>>>>>> i
>>>>>>>>>>>> have all
>>>>>>>>>>>> the updates installed. Infact, i have installed samba
>>>>>>>>>>>> through
>>>>>>>>>>>> apt-get
>>>>>>>>>>>> install and is configured as a PDC.
>>>>>>>>>>>>
>>>>>>>>>>>> dpkg -l | grep samba
>>>>>>>>>>>> ii samba 3.0.28a-1ubuntu4.8 a LanManager-like file and
>>>>>>>>>>>> printer server fo
>>>>>>>>>>>> ii samba-common 3.0.28a-1ubuntu4.8 Samba common files
>>>>>>>>>>>> used
>>>>>>>>>>>> by both
>>>>>>>>>>>> the server a
>>>>>>>>>>>>
>>>>>>>>>>>> I am in need of controlling internet access for samba
>>>>>>>>>>>> domain users
>>>>>>>>>>>> through squid. I read the documentation and it says Squid
>>>>>>>>>>>> must be
>>>>>>>>>>>> built with the configure options:
>>>>>>>>>>>>
>>>>>>>>>>>> --enable-auth="ntlm,basic"
>>>>>>>>>>>> --enable-basic-auth-helpers="
>>>>>>>>>>>> winbind"
>>>>>>>>>>>> --enable-ntlm-auth-helpers="winbind"
>>>>>>>>>>>>
>>>>>>>>>>>> According to the documentation,
>>>>>>>>>>>> --------
>>>>>>>>>>>> Samba 3.x
>>>>>>>>>>>> ---------
>>>>>>>>>>>> Things are much easier under the 3.x versions of Samba.
>>>>>>>>>>>> Smbd is no
>>>>>>>>>>>> longer required to manage the machine's trust account, and
>>>>>>>>>>>> there
>>>>>>>>>>>> is
>>>>>>>>>>>> no need to patch any utilities.
>>>>>>>>>>>> The Samba team has incorporated functionality to change
>>>>>>>>>>>> the machine
>>>>>>>>>>>> trust account password in the new "net" command. A simple
>>>>>>>>>>>> daily
>>>>>>>>>>>> cron
>>>>>>>>>>>> job scheduling "net rpc changetrustpw" is all that is
>>>>>>>>>>>> needed.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> I went through the squid documentation and the configure
>>>>>>>>>>>> options
>>>>>>>>>>>> are
>>>>>>>>>>>> vast. All i want is normal squid operations but with samba
>>>>>>>>>>>> integration. Do I have to specify other options for normal
>>>>>>>>>>>> squid
>>>>>>>>>>>> operations?? What is the correct procedure and which
>>>>>>>>>>>> version of
>>>>>>>>>>>> squid
>>>>>>>>>>>> suits well for the version of samba i am using? I have
>>>>>>>>>>>> used
>>>>>>>>>>>> squid but
>>>>>>>>>>>> never compiled. My requirement with samba is PDC, winxp
>>>>>>>>>>>> clients,
>>>>>>>>>>>> users home directories are mapped as they login to the
>>>>>>>>>>>> domain, a
>>>>>>>>>>>> common share for all users and a printer if needed.
>>>>>>>>>>>>
>>>>>>>>>>>> Many Thanks,
>>>>>>>>>>>> Avinash
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> This covers the NTLM auth via Samba requirements.
>>>>>>>>>>>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm
>>>>>>>>>>>>
>>>>>>>>>>>> This covers the Active Directory (kerberos/negotiate auth)
>>>>>>>>>>>> requirements:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Amos
>>>>>>>>>>>> -- Please be using
>>>>>>>>>>>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>>>>>>>>>>> Current Beta Squid 3.1.0.13
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Amos,
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks for the reply.
>>>>>>>>>>>>
>>>>>>>>>>>> I read the documentation, and it says, "
>>>>>>>>>>>>
>>>>>>>>>>>> As Samba-3.x has it's own authentication helper there is no need
>>>>>>>>>>>> to build
>>>>>>>>>>>> any of the Squid authentication helpers for use with Samba-3.x
>>>>>>>>>>>> (and the
>>>>>>>>>>>> helpers provided by Squid won't work if you do). You do however
>>>>>>>>>>>> need to
>>>>>>>>>>>> enable support for the NTLM scheme if you plan on using this.
>>>>>>>>>>>> Also you may
>>>>>>>>>>>> want to use the wbinfo_group helper for group lookups
>>>>>>>>>>>>
>>>>>>>>>>>> --enable-auth="ntlm,basic"
>>>>>>>>>>>> --enable-external-acl-helpers="wbinfo_group"
>>>>>>>>>>>>
>>>>>>>>>>>> Does this mean that squid has to be compiled with the above
>>>>>>>>>>>> options? I
>>>>>>>>>>>> am sorry if this sounds very basic. Also, my requirement, i
>>>>>>>>>>>> should be able
>>>>>>>>>>>> to restrict few users samba users from accessing the internet
>>>>>>>>>>>> through at
>>>>>>>>>>>> certain times and not necessary authentication. Will the above
>>>>>>>>>>>> options
>>>>>>>>>>>> help.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Avinash
>>>>>>>>>>>>
>>>>>>>>>>> The Squid packages available for Ubuntu already have those
>>>>>>>>>>> helpers built-in
>>>>>>>>>>> and installed along with the package. All you need is the
>>>>>>>>>>> configuration file
>>>>>>>>>>> changes.
>>>>>>>>>>>
>>>>>>>>>>> If you are building your own Squid from raw source code, you may
>>>>>>>>>>> need to add
>>>>>>>>>>> them.
>>>>>>>>>>>
>>>>>>>>>>> For someone who does not know the very basics I would seriously
>>>>>>>>>>> advise
>>>>>>>>>>> staying with the pre-packaged versions of Squid until you know
>>>>>>>>>>> what you are
>>>>>>>>>>> doing.
>>>>>>>>>>> --> apt-get install squid
>>>>>>>>>>>
>>>>>>>>>>> Then change the /etc/squid.conf file as needed.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Amos
>>>>>>>>>>> --
>>>>>>>>>>> Please be using
>>>>>>>>>>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>>>>>>>>>> Current Beta Squid 3.1.0.13
>>>>>>>>>>>
>
>
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
> Current Beta Squid 3.1.0.13
>
Received on Wed Aug 19 2009 - 05:03:08 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 19 2009 - 12:00:04 MDT