[Comm] Squid и ntlm авторизация из w2k домена

Peter Teslenko inkyspot на home.ru
Вт Июн 1 21:13:45 MSD 2004


Hello community,

Если нетрудно посоветуйте как решить проблему.
Есть w2k домен в native режиме.
В нем создана группа vip, в которую внесены юзера для squid'а.

На linux'е собран squid-2.5.STABLE4-20040220
с вот такой строкой
./configure  --enable-auth=ntlm,basic --enable-basic-auth-helpers=winbind --enable-ntlm-auth-helpers=winbind
 --enable-external-acl-helpers=winbind_group --enable-delay-pools --with-samba-sources=/usr/local/src/samba-2.2.8a/

 в squid.conf

# squid.conf excerpt as posted: NTLM and basic authentication through the
# winbind helpers, a group lookup through an external ACL, file-based URL
# filter lists, then the http_access chain (evaluated top to bottom; the
# first matching line decides).

# NTLM scheme: wb_ntlmauth helper, 5 helper processes.
auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 5
# 0 = each helper challenge is used once; allowing reuse would increase
# exposure to replay of a captured NTLM exchange.
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
# Basic scheme is offered as well. With basic, the client sends user name and
# password base64-encoded (not encrypted) on every request, so domain
# passwords cross the client-to-proxy link in recoverable form.
auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
# A validated user/password pair is trusted for 2 hours before the helper is
# asked again.
auth_param basic credentialsttl 2 hours

# Group-membership lookup: %LOGIN hands the authenticated user name to
# wb_group, so any ACL built on this type needs a login before it can match.
external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wb_group

# Stock ACL definitions. "all" matches every source address.
# NOTE(review): manager, localhost, to_localhost, SSL_ports, Safe_ports and
# CONNECT are defined here, but no http_access line in this excerpt refers to
# them. The stock squid.conf pairs them with rules such as
# "http_access deny !Safe_ports" and "http_access deny CONNECT !SSL_ports";
# without those, nothing shown here limits destination ports, CONNECT
# targets, or cache-manager (cache_object) requests.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# File-based filter lists: a quoted path means the patterns are read from that
# file; -i makes the match case-insensitive. url_regex tests the whole URL,
# urlpath_regex only the path part.
acl good_url url_regex -i "/usr/local/squid/etc/acl/good_url"

acl filez_good url_regex -i "/usr/local/squid/etc/acl/filez_good"
acl filez urlpath_regex "/usr/local/squid/etc/acl/filez"

# NOTE(review): hernya_exclusion and hernyaurl are not used by any
# http_access line in this excerpt.
acl hernya url_regex "/usr/local/squid/etc/acl/hernya"
acl hernya_exclusion url_regex "/usr/local/squid/etc/acl/hernya_exclusion"
acl hernyaurl urlpath_regex "/usr/local/squid/etc/acl/hernyaurl"

# NOTE(review): banner_exclusion is not used by any http_access line in this
# excerpt.
acl banner url_regex "/usr/local/squid/etc/acl/banner"
acl banner_good url_regex "/usr/local/squid/etc/acl/banner_good"
acl bannerurl urlpath_regex "/usr/local/squid/etc/acl/bannerurl"
acl banner_exclusion url_regex "/usr/local/squid/etc/acl/banner_exclusion"

# NOTE(review): porno and pornourl are defined but never denied below, so
# these two lists have no effect as posted.
acl porno url_regex "/usr/local/squid/etc/acl/porno"
acl pornourl urlpath_regex "/usr/local/squid/etc/acl/pornourl"


# MCICBUsers: any user who presents valid credentials.
# vip_users: authenticated users that wb_group reports as members of "vip".
acl MCICBUsers proxy_auth REQUIRED
acl vip_users external NT_global_group vip
# First rule: members of vip are allowed before any filter list is consulted.
# Because vip_users depends on %LOGIN, evaluating this line requires a login,
# so requests without credentials are expected to be challenged here rather
# than reach the rules below.
# NOTE(review): no rule in this excerpt restricts by client address ("all" is
# used only in the final deny). If the proxy port is reachable from untrusted
# networks, the authentication prompt itself is exposed to password guessing
# against domain accounts - confirm it is limited by a src ACL or a firewall.
http_access allow vip_users

# Whitelists, checked before the deny lists so they override them.
http_access allow good_url
http_access allow filez_good
http_access allow banner_good

# Deny lists applied to everyone who did not match a rule above.
http_access deny hernya
http_access deny banner
http_access deny bannerurl
http_access deny filez
# NOTE(review): no "acl vip_url ..." definition appears in this excerpt. If it
# is not defined elsewhere in the file, Squid reports the undefined ACL name
# when parsing and this rule cannot work as intended.
http_access deny vip_url

# Every other authenticated user is allowed whatever was not denied above;
# with no Safe_ports / SSL_ports rule, that includes CONNECT to any port.
http_access allow MCICBUsers

# Default deny for anything not matched earlier.
http_access deny all


Хочу группе vip дать полный доступ в и-нет, а всех остальных
ограничить. Где я наступил на грабли?

--
Peter Teslenko



