Re: Fwd: [squid-users] Need help in integrating squid and samba

From: Avinash Rao <avinash.aol_at_gmail.com>
Date: Wed, 19 Aug 2009 10:32:58 +0530

Understood and it worked.. You have been of great help.
Here's what i want to achieve from this..

I have about 40 samba users logging into the samba domain using winxp.
The squid and samba runs on the same server. This setup is for an NGO
- Educational Institute
and the students really misuse the internet. So, i want to give them
access only when required and without authentication. Say for example,
every wednesday from 10:00-12:00PM and everyday 6:00-8:00PM. So, when
users from WINXP login to the domain, the internet should work only
the timings mentioned above but without authentication..

I am trying out different options. .. i hope i figure this out.

Thanks
Avinash

On Tue, Aug 18, 2009 at 8:48 PM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
> Avinash Rao wrote:
>>
>>  /etc/init.d/squid restart
>>  * Restarting Squid HTTP proxy squid
>>        2009/08/18 14:04:15| Invalid Proxy Auth ACL 'acl
>> AuthorizedUsers proxy_auth REQUIRED' because no authentication schemes
>> are fully configured.
>> FATAL: Bungled squid.conf line 39: acl AuthorizedUsers proxy_auth REQUIRED
>> Squid Cache (Version 2.6.STABLE18): Terminated abnormally.
>>
>>  [fail]
>>
>
> Order for most things is VERY VERY important in squid.conf
>
> You are trying to tell squid what to do with authentication (ACL) before it
> has reached the section which turns authentication on (auth_param).
>
> Amos
>
>> squid.conf
>>
>> root_at_sunbox:/var/log/squid# more /etc/squid/squid.conf
>> visible_hostname sunbox
>> hierarchy_stoplist cgi-bin ?
>> acl QUERY urlpath_regex cgi-bin \?
>> no_cache deny QUERY
>> hosts_file /etc/hosts
>> http_port 100.100.100.50:3128
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern . 0 20% 4320
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl to_localhost dst 127.0.0.0/8
>> acl SSL_ports port 443 563
>> acl Safe_ports port 80                # http
>> acl Safe_ports port 21                # ftp
>> acl Safe_ports port 443 563           # https, snews
>> acl Safe_ports port 70                # gopher
>> acl Safe_ports port 210               # wais
>> acl Safe_ports port 1025-65535        # unregistered ports
>> acl Safe_ports port 280               # http-mgmt
>> acl Safe_ports port 488               # gss-http
>> acl Safe_ports port 591               # filemaker
>> acl Safe_ports port 631               # cups
>> acl Safe_ports port 777               # multiling http
>> acl Safe_ports port 901               # SWAT
>> acl Safe_ports port 993               # IMAP
>> acl Safe_ports port 587               # SMTP
>> acl Safe_ports port 22                # SSH
>> acl purge method PURGE
>> acl special_urls url_regex "/etc/squid/squid-noblock.acl"
>> acl extndeny url_regex -i "/etc/squid/blocks.files.acl"
>> acl malware_block_list url_regex -i "/etc/squid/malware_block_list.txt"
>> acl badurl url_regex -i teen orkut youtube sex mp3 mp4 exe
>> acl lan src 192.168.1.0 100.100.100.0/24
>> acl stud ident_regex babu
>> acl download method GET
>> acl CONNECT method CONNECT
>> acl AuthorizedUsers proxy_auth REQUIRED
>> cache_mem 100 MB
>> #redirect_program /usr/bin/squidGuard –c /etc/squid/squidGuard.conf
>> ident_lookup_access allow all
>> http_access deny all
>> http_access allow manager localhost
>> http_access deny manager
>> http_access allow purge localhost
>> http_access allow special_urls
>> http_access deny extndeny download
>> http_access deny extndeny
>> http_access deny purge
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> http_access deny badurl
>> http_access deny malware_block_list
>> deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list
>> http_access allow localhost
>> http_access allow lan
>> http_reply_access allow all
>> http_access allow AuthorizedUsers
>> http_access deny all
>> icp_access allow all
>> coredump_dir /var/spool/squid
>>
>>
>> auth_param ntlm program /usr/bin/ntlm_auth
>> --helper-protocol=squid-2.5-ntlmssp
>> auth_param ntlm children 30
>> auth_param ntlm max_challenge_reuses 0
>> auth_param ntlm max_challenge_lifetime 2 minutes
>> # ntlm_auth from Samba 3 supports NTLM NEGOTIATE packet
>> auth_param ntlm use_ntlm_negotiate on
>>
>> # warning: basic authentication sends passwords plaintext
>> # a network sniffer can and will discover passwords
>> auth_param basic program /usr/bin/ntlm_auth
>> --helper-protocol=squid-2.5-basic
>> auth_param basic children 5
>> auth_param basic realm Squid proxy-caching web server
>> auth_param basic credentialsttl 2 hours
>>
>>
>> Thanks
>> Avinash
>>
>>
>> On Tue, Aug 18, 2009 at 12:33 PM, Chris
>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>
>>> checking the trust secret via RPC calls succeeded means the secret is
>>> good, they changed the wording a while back, glad you're working
>>>
>>> chris
>>>
>>> Kind Regards,
>>> Christopher Boczko
>>> Server Support Analyst - IT Shared Services
>>> HomeServe
>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>
>>> DDI: 01482 677272
>>> Mob: 07967 059241
>>>
>>> www.homeserve.com
>>> www.chemdry.co.uk
>>>
>>> DDI: 01482 677272
>>> Mob: 07967 059241
>>>
>>> www.homeserve.com
>>> www.chemdry.co.uk
>>>
>>>
>>> -----Original Message-----
>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>> Sent: 17 August 2009 16:38
>>> To: Chris Boczko
>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>
>>> Chris,
>>>
>>> Please don't get bugged, wbinfo -g is working now ..
>>> wbinfo -g
>>> BUILTIN\administrators
>>> BUILTIN\users
>>>
>>> and even wbinfo -t
>>>
>>> wbinfo -t
>>> checking the trust secret via RPC calls succeeded
>>>
>>> but it didn't give the out "the secret is good" . I have no idea how
>>> this is working all of a sudden, it didn't work a little while ago!
>>>
>>> Regards,
>>> Avinash
>>>
>>>
>>>
>>> On Mon, Aug 17, 2009 at 8:58 PM, Avinash Rao<avinash.aol_at_gmail.com>
>>> wrote:
>>>>
>>>> Yes, Squid and Samba(PDC) are running on the same server.
>>>>
>>>> wbinfo -g won't work as i have not created any of the NT Domain Groups
>>>> is that necessary? Coz, i have a very simple samba configuration.
>>>>
>>>> I went through the link and made changes to nsswitch conf.
>>>>
>>>> wbinfo -set-auth-user=Administrator%'password'
>>>> Could not lookup sid Administrator%password
>>>>
>>>> But, I could join the domain, i just entered net join and entered the
>>>> current users password and it said joined the domain!
>>>> wbinfo -u
>>>> Error looking up domain users
>>>>
>>>> Thanks again
>>>> Avinash
>>>>
>>>>
>>>>
>>>> On Mon, Aug 17, 2009 at 8:29 PM, Chris
>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>
>>>>> Right ok,
>>>>>
>>>>> So squid is running samba (as a pdc) and squid as a cache?
>>>>>
>>>>> Can you try running wbinfo -g, and if that doesn't work, try running
>>>>> wbinfo --set-auth-user=Administrator%'YourPassword' (see:
>>>>> http://www.debian-administration.org/article/Question_Winbind_on_samba_PDC),
>>>>> the run wbinfo -g again
>>>>>
>>>>> Kind Regards,
>>>>> Christopher Boczko
>>>>> Server Support Analyst - IT Shared Services
>>>>> HomeServe
>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>
>>>>> DDI: 01482 677272
>>>>> Mob: 07967 059241
>>>>>
>>>>> www.homeserve.com
>>>>> www.chemdry.co.uk
>>>>>
>>>>> DDI: 01482 677272
>>>>> Mob: 07967 059241
>>>>>
>>>>> www.homeserve.com
>>>>> www.chemdry.co.uk
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>> Sent: 17 August 2009 15:56
>>>>> To: Chris Boczko
>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>
>>>>> Yes its on the squid server and its a PDC and the passwd backend is
>>>>> tdbsam
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Aug 17, 2009 at 8:22 PM, Chris
>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>>
>>>>>> This is on the squid server?
>>>>>>
>>>>>> Its trying to be a pdc
>>>>>>
>>>>>>
>>>>>>   domain logons = yes
>>>>>>   os level = 65
>>>>>>   prefered master = yes
>>>>>>   domain master = yes
>>>>>>   local master = yes
>>>>>>
>>>>>> Kind Regards,
>>>>>> Christopher Boczko
>>>>>> Server Support Analyst - IT Shared Services
>>>>>> HomeServe
>>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>>
>>>>>> DDI: 01482 677272
>>>>>> Mob: 07967 059241
>>>>>>
>>>>>> www.homeserve.com
>>>>>> www.chemdry.co.uk
>>>>>>
>>>>>> DDI: 01482 677272
>>>>>> Mob: 07967 059241
>>>>>>
>>>>>> www.homeserve.com
>>>>>> www.chemdry.co.uk
>>>>>>
>>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>> Sent: 17 August 2009 15:51
>>>>>> To: Chris Boczko
>>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>>
>>>>>> smb.conf
>>>>>>
>>>>>> [global]
>>>>>>   workgroup = abc
>>>>>>   server string = Samba on SUN
>>>>>>   max log size = 500
>>>>>>   log level = 1
>>>>>>   interfaces = eth2 100.100.100.251
>>>>>>   bind interfaces only = True
>>>>>>
>>>>>>   log file = /var/log/samba/log.%m
>>>>>>   max log size = 1000
>>>>>>
>>>>>>   domain logons = yes
>>>>>>   os level = 65
>>>>>>   prefered master = yes
>>>>>>   domain master = yes
>>>>>>   local master = yes
>>>>>>
>>>>>>   winbind uid = 10000-20000
>>>>>>   winbind gid = 10000-20000
>>>>>>   winbind use default domain = yes
>>>>>>
>>>>>>   add machine script = /usr/sbin/useradd -s /bin/false -d /home/nobody
>>>>>> %u
>>>>>>   dns proxy =No
>>>>>>   hosts allow = 127. 100.100.100.
>>>>>>   wins support = Yes
>>>>>>   passdb backend = smbpasswd
>>>>>>
>>>>>>   encrypt passwords = true
>>>>>>   smb passwd file = /etc/samba/smbpasswd
>>>>>>   security = user
>>>>>>   netbios name = sunbox
>>>>>>   username map = /etc/samba/smbusers
>>>>>>
>>>>>> [homes]
>>>>>>   comment = Home Dir
>>>>>>   read only = NO
>>>>>>   browseable = NO
>>>>>>   valid users = %S
>>>>>>   path = %H
>>>>>>   directory mask = 0700
>>>>>>   create mask = 0700
>>>>>>
>>>>>>
>>>>>> [share]
>>>>>>  comment = test share
>>>>>>   path = /sambashare
>>>>>>   valid users = nimda
>>>>>>   create mask = 0765
>>>>>>
>>>>>>
>>>>>> Cheers
>>>>>> Avinash
>>>>>>
>>>>>>
>>>>>> On Mon, Aug 17, 2009 at 8:04 PM, Chris
>>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>>>
>>>>>>> Ah, make a little more sense, but i'm afraid my only experience is
>>>>>>> with windows as a active directory controller and samba linking to that, but
>>>>>>> i can still take a look at your smb.conf if you would like
>>>>>>>
>>>>>>> Kind Regards,
>>>>>>> Christopher Boczko
>>>>>>> Server Support Analyst - IT Shared Services
>>>>>>> HomeServe
>>>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>>>
>>>>>>> DDI: 01482 677272
>>>>>>> Mob: 07967 059241
>>>>>>>
>>>>>>> www.homeserve.com
>>>>>>> www.chemdry.co.uk
>>>>>>>
>>>>>>> DDI: 01482 677272
>>>>>>> Mob: 07967 059241
>>>>>>>
>>>>>>> www.homeserve.com
>>>>>>> www.chemdry.co.uk
>>>>>>>
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>>> Sent: 17 August 2009 15:30
>>>>>>> To: Chris Boczko
>>>>>>> Cc: squid-users_at_squid-cache.org
>>>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>>>
>>>>>>> Dear Christopher,
>>>>>>>
>>>>>>> Thank you for your reply.
>>>>>>>
>>>>>>> I am not using Active Directory, I am using a samba as a PDC (NT4)
>>>>>>> and
>>>>>>> its a simple configuration.  All clients are WinXP and they login to
>>>>>>> the domain and i just want to control their access to internet that
>>>>>>> is
>>>>>>> all.
>>>>>>>
>>>>>>> And there is no other Windows NT domain machine in my network, its
>>>>>>> just this ubuntu server running squid and samba!
>>>>>>>
>>>>>>> If i am right? wbinfo -t will not work coz, i don't have a windows NT
>>>>>>> domain machine and no trust exists. But, how do i control, restrict
>>>>>>> or
>>>>>>> allow internet access for samba domain users through squid?
>>>>>>>
>>>>>>> Many Thanks
>>>>>>> Avinash
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Aug 17, 2009 at 7:50 PM, Chris
>>>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>>>>
>>>>>>>> Yes,
>>>>>>>>
>>>>>>>> If you are using active directory 2000/2003/2008, you'll need to
>>>>>>>> configure krb5 first
>>>>>>>>
>>>>>>>> Please see http://ubuntuforums.org/showthread.php?t=91510 , but you
>>>>>>>> only need to follow steps 1-3, then 7-9
>>>>>>>>
>>>>>>>> Then run
>>>>>>>>
>>>>>>>> Wbinfo -t to check the trust and
>>>>>>>> Wbinfo -g to list groups
>>>>>>>>
>>>>>>>> Kind Regards,
>>>>>>>> Christopher Boczko
>>>>>>>> Server Support Analyst - IT Shared Services
>>>>>>>> HomeServe
>>>>>>>> Chemdry UK, Colonial House, Swinemoor Lane, Beverley, HU17 0LS
>>>>>>>>
>>>>>>>> DDI: 01482 677272
>>>>>>>> Mob: 07967 059241
>>>>>>>>
>>>>>>>> www.homeserve.com
>>>>>>>> www.chemdry.co.uk
>>>>>>>>
>>>>>>>> DDI: 01482 677272
>>>>>>>> Mob: 07967 059241
>>>>>>>>
>>>>>>>> www.homeserve.com
>>>>>>>> www.chemdry.co.uk
>>>>>>>>
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>>>> Sent: 17 August 2009 14:57
>>>>>>>> To: Chris Boczko
>>>>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>>>>
>>>>>>>> root_at_sunbox: net join -U user
>>>>>>>> Password:
>>>>>>>> Creation of workstation account failed
>>>>>>>> Unable to join domain abc
>>>>>>>>
>>>>>>>> user_at_sunbox:/usr/lib/squid$ net join -U user1
>>>>>>>> [2009/08/17 19:24:05, 0] passdb/secrets.c:secrets_init(66)
>>>>>>>>  Failed to open /var/lib/samba/secrets.tdb
>>>>>>>> [2009/08/17 19:24:05, 0] utils/net_rpc.c:rpc_oldjoin_internals(309)
>>>>>>>>  error storing domain sid for abc
>>>>>>>>
>>>>>>>> No, I haven't configured krb5. Do we need all this just to control
>>>>>>>> internet access for samba domain users?
>>>>>>>>
>>>>>>>> Avinash
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Aug 17, 2009 at 7:19 PM, Chris
>>>>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>>>>>
>>>>>>>>> Have you run net join on the squid server (from the command line),
>>>>>>>>> and have you configured krb5?
>>>>>>>>>
>>>>>>>>> Does kinit (user)@(domain).(domain) work?
>>>>>>>>>
>>>>>>>>> Kind Regards,
>>>>>>>>> Christopher Boczko
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>>>>> Sent: 17 August 2009 14:47
>>>>>>>>> To: Chris Boczko
>>>>>>>>> Subject: Re: [squid-users] Need help in integrating squid and samba
>>>>>>>>>
>>>>>>>>> Samba Version:
>>>>>>>>>
>>>>>>>>> dpkg -l | grep samba
>>>>>>>>> ii  samba  3.0.28a-1ubuntu4.8   a LanManager-like file and printer
>>>>>>>>> server fo
>>>>>>>>> ii  samba-common  3.0.28a-1ubuntu4.8   Samba common files used by
>>>>>>>>> both
>>>>>>>>> the server a
>>>>>>>>>
>>>>>>>>> Ubuntu 8.04 Server 64-bit.
>>>>>>>>>
>>>>>>>>> Net Join? You mean from a windows client? I have only winXP clients
>>>>>>>>> and they are all configured to login to the domain.
>>>>>>>>>
>>>>>>>>> Avinash
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, Aug 17, 2009 at 7:07 PM, Chris
>>>>>>>>> Boczko<Christopher.Boczko_at_chemdry.co.uk> wrote:
>>>>>>>>>>
>>>>>>>>>> Have you tried rejoining the domain using
>>>>>>>>>>
>>>>>>>>>> Net join ?
>>>>>>>>>>
>>>>>>>>>> Then testing the join with
>>>>>>>>>>
>>>>>>>>>> Wbinfo -t
>>>>>>>>>>
>>>>>>>>>> Also, which version of debian / samba / ad are you running?
>>>>>>>>>>
>>>>>>>>>> Kind Regards,
>>>>>>>>>> Christopher Boczko
>>>>>>>>>>
>>>>>>>>>> -----Original Message-----
>>>>>>>>>> From: Avinash Rao [mailto:avinash.aol_at_gmail.com]
>>>>>>>>>> Sent: 17 August 2009 14:25
>>>>>>>>>> To: squid-users_at_squid-cache.org
>>>>>>>>>> Subject: Fwd: [squid-users] Need help in integrating squid and
>>>>>>>>>> samba
>>>>>>>>>>
>>>>>>>>>> Thanks for the quick response.
>>>>>>>>>> And, yes i will install squid using apt-get install command.
>>>>>>>>>> The basic winbindd functionality "wbinfo -t": is not successful
>>>>>>>>>>
>>>>>>>>>> wbinfo -t
>>>>>>>>>> checking the trust secret via RPC calls failed
>>>>>>>>>> error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
>>>>>>>>>> Could not check secret
>>>>>>>>>>
>>>>>>>>>> Even, wbinfo -a mydomain\\myuser%mypasswd is unsuccessful
>>>>>>>>>>
>>>>>>>>>> Wondering how i should proceed without this?
>>>>>>>>>>
>>>>>>>>>> Avinash
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Mon, Aug 17, 2009 at 1:15 PM, Amos
>>>>>>>>>> Jeffries<squid3_at_treenet.co.nz> wrote:
>>>>>>>>>>>
>>>>>>>>>>> [re-inserting squid-users mailing list]
>>>>>>>>>>>
>>>>>>>>>>> Avinash Rao wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> On Mon, Aug 17, 2009 at 11:30 AM, Amos Jeffries
>>>>>>>>>>>> <squid3_at_treenet.co.nz
>>>>>>>>>>>> <mailto:squid3_at_treenet.co.nz>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>   Avinash Rao wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>       Dear all,
>>>>>>>>>>>>
>>>>>>>>>>>>       I am new here and i would like to know the correct
>>>>>>>>>>>> procedure for
>>>>>>>>>>>>       compiling squid to integrate with samba.
>>>>>>>>>>>>       I am doing this on a Ubuntu 8.04 Server 64-bit edition and
>>>>>>>>>>>> i
>>>>>>>>>>>>       have all
>>>>>>>>>>>>       the updates installed. Infact, i have installed samba
>>>>>>>>>>>> through
>>>>>>>>>>>>       apt-get
>>>>>>>>>>>>       install and is configured as a PDC.
>>>>>>>>>>>>
>>>>>>>>>>>>       dpkg -l | grep samba
>>>>>>>>>>>>       ii  samba  3.0.28a-1ubuntu4.8   a LanManager-like file and
>>>>>>>>>>>>       printer server fo
>>>>>>>>>>>>       ii  samba-common  3.0.28a-1ubuntu4.8   Samba common files
>>>>>>>>>>>> used
>>>>>>>>>>>>       by both
>>>>>>>>>>>>       the server a
>>>>>>>>>>>>
>>>>>>>>>>>>        I am in need of controlling internet access for samba
>>>>>>>>>>>> domain users
>>>>>>>>>>>>       through squid. I read the documentation and it says Squid
>>>>>>>>>>>> must be
>>>>>>>>>>>>       built with the configure options:
>>>>>>>>>>>>
>>>>>>>>>>>>          --enable-auth="ntlm,basic"
>>>>>>>>>>>>          --enable-basic-auth-helpers="
>>>>>>>>>>>>       winbind"
>>>>>>>>>>>>          --enable-ntlm-auth-helpers="winbind"
>>>>>>>>>>>>
>>>>>>>>>>>>       According to the documentation,
>>>>>>>>>>>>       --------
>>>>>>>>>>>>       Samba 3.x
>>>>>>>>>>>>       ---------
>>>>>>>>>>>>       Things are much easier under the 3.x versions of Samba.
>>>>>>>>>>>> Smbd is no
>>>>>>>>>>>>       longer required to manage the machine's trust account, and
>>>>>>>>>>>>  there
>>>>>>>>>>>> is
>>>>>>>>>>>>       no need to patch any utilities.
>>>>>>>>>>>>       The Samba team has incorporated functionality to change
>>>>>>>>>>>> the machine
>>>>>>>>>>>>       trust account password in the new "net" command.  A simple
>>>>>>>>>>>> daily
>>>>>>>>>>>>       cron
>>>>>>>>>>>>       job scheduling "net rpc changetrustpw" is all that is
>>>>>>>>>>>> needed.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>       I went through the squid documentation and the configure
>>>>>>>>>>>> options
>>>>>>>>>>>> are
>>>>>>>>>>>>       vast. All i want is normal squid operations but with samba
>>>>>>>>>>>>       integration. Do I have to specify other options for normal
>>>>>>>>>>>> squid
>>>>>>>>>>>>       operations?? What is the correct procedure and which
>>>>>>>>>>>> version of
>>>>>>>>>>>>       squid
>>>>>>>>>>>>       suits well for the version of samba i am using? I have
>>>>>>>>>>>> used
>>>>>>>>>>>>       squid but
>>>>>>>>>>>>       never compiled.  My requirement with samba is PDC, winxp
>>>>>>>>>>>> clients,
>>>>>>>>>>>>       users home directories are mapped as they login to the
>>>>>>>>>>>> domain, a
>>>>>>>>>>>>       common share for all users and a printer if needed.
>>>>>>>>>>>>
>>>>>>>>>>>>       Many Thanks,
>>>>>>>>>>>>       Avinash
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>   This covers the NTLM auth via Samba requirements.
>>>>>>>>>>>>   http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm
>>>>>>>>>>>>
>>>>>>>>>>>>   This covers the Active Directory (kerberos/negotiate auth)
>>>>>>>>>>>> requirements:
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>  http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>   Amos
>>>>>>>>>>>>   --    Please be using
>>>>>>>>>>>>    Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>>>>>>>>>>>    Current Beta Squid 3.1.0.13
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Amos,
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks for the reply.
>>>>>>>>>>>>
>>>>>>>>>>>> I read the documentation, and it says, "
>>>>>>>>>>>>
>>>>>>>>>>>> As Samba-3.x has it's own authentication helper there is no need
>>>>>>>>>>>> to build
>>>>>>>>>>>> any of the Squid authentication helpers for use with Samba-3.x
>>>>>>>>>>>> (and the
>>>>>>>>>>>> helpers provided by Squid won't work if you do). You do however
>>>>>>>>>>>> need to
>>>>>>>>>>>> enable support for the NTLM scheme if you plan on using this.
>>>>>>>>>>>> Also you may
>>>>>>>>>>>> want to use the wbinfo_group helper for group lookups
>>>>>>>>>>>>
>>>>>>>>>>>> --enable-auth="ntlm,basic"
>>>>>>>>>>>> --enable-external-acl-helpers="wbinfo_group"
>>>>>>>>>>>>
>>>>>>>>>>>> Does this mean that squid has to be compiled with the above
>>>>>>>>>>>> options?  I
>>>>>>>>>>>> am sorry if this sounds very basic. Also, my requirement, i
>>>>>>>>>>>> should be able
>>>>>>>>>>>> to restrict few users samba users from accessing the internet
>>>>>>>>>>>> through at
>>>>>>>>>>>> certain times and not necessary authentication.  Will the above
>>>>>>>>>>>> options
>>>>>>>>>>>> help.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Avinash
>>>>>>>>>>>>
>>>>>>>>>>> The Squid packages available for Ubuntu already have those
>>>>>>>>>>> helpers built-in
>>>>>>>>>>> and installed along with the package. All you need is the
>>>>>>>>>>> configuration file
>>>>>>>>>>> changes.
>>>>>>>>>>>
>>>>>>>>>>> If you are building your own Squid from raw source code, you may
>>>>>>>>>>> need to add
>>>>>>>>>>> them.
>>>>>>>>>>>
>>>>>>>>>>> For someone who does not know the very basics I would seriously
>>>>>>>>>>> advise
>>>>>>>>>>> staying with the pre-packaged versions of Squid until you know
>>>>>>>>>>> what you are
>>>>>>>>>>> doing.
>>>>>>>>>>>  -->  apt-get install squid
>>>>>>>>>>>
>>>>>>>>>>> Then change the /etc/squid.conf file as needed.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Amos
>>>>>>>>>>> --
>>>>>>>>>>> Please be using
>>>>>>>>>>>  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>>>>>>>>>>>  Current Beta Squid 3.1.0.13
>>>>>>>>>>>
>
>
> --
> Please be using
>  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
>  Current Beta Squid 3.1.0.13
>
Received on Wed Aug 19 2009 - 05:03:08 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 19 2009 - 12:00:04 MDT