[Samba] samba4 + squid 2.7 auth

Agustín Dixan Díaz Corrales agustin.dixan at esilt.azcuba.cu
Fri Sep 5 02:26:12 MDT 2014


On 05/09/14 at #4, L.P.H. van Belle wrote:
> Hai,
>
> beware of the config difference between all squid versions.
> squid 2.7 is way old, and I really suggest you upgrade to at least squid 3.1. ( debian wheezy )
> as for 3.3 there were lots of improvements for the newer protocols.
> and there were kerberos fixes in 3.2 and up.
> rebuilding from jessie to wheezy isn't that here, google for it.
>
> this is my setup for squid 3.3.8. ( debian wheezy, but squid rebuild from debian jessie )
>
> see the -f and -D parameter, this is for a kerberos based auth against AD domain.
>
> auth_param basic program /usr/lib/squid3/basic_ldap_auth -R \
>          -b "OU=Users,DC=internal,DC=domain,DC=tld" \
>          -D ldap-bind@internal.domain.tld -W /etc/squid3/private/ldap-bind \
>          -f (|(userPrincipalName=%s)(sAMAccountName=%s)) \
>          -h dc1.internal.domain.tld
>
> and this is the fallback for the above but ldap based.
>
> auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 \
>           -b "DC=internal,DC=domain,DC=tld" \
>           -D cn=ldap-bind,dc=internal,DC=domain,DC=tld  -W /etc/squid3/private/ldap-bind \
>           -f uid=%s dc1.internal.domain.tld
>
> Greetz,
>
> Louis
>
>> -----Original message-----
>> From: heupink at merit.unu.edu
>> [mailto:samba-bounces at lists.samba.org] On behalf of mourik jan
>> heupink - merit
>> Sent: Thursday 4 September 2014 14:24
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] samba4 + squid 2.7 auth
>>
>> These lines are for squid3, but work here:
>>
>>> auth_param basic program /usr/lib/squid3/squid_ldap_auth -v 3 -P -R -u cn -s sub -b "DC=samba,DC=company,DC=com" -D "CN=ldap_search_account,CN=Users,DC=samba,DC=company,DC=com" -w "ldap_search_account_password" -f "(&(sAMAccountName=%s))" -h dc.company.com
>>> acl ldapauth proxy_auth REQUIRED
>>> http_access allow ldapauth
>>
>> Hope this helps you,
>> Mourik Jan
>

Thanks a lot... Can I define a group in Samba, for example "internet", and
only grant access to Squid to users defined in this Samba group?
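
Added example (not part of the original thread, and not any poster's own configuration): one way to express the group restriction asked about above, by adding a memberOf clause to the -f search filter of the helper shown in the quoted replies. The group DN CN=internet,CN=Users,DC=samba,DC=company,DC=com is an assumed placeholder; the base DN, bind account, secret file path and server name are reused from the quoted messages.

```conf
# Added example, not from the thread. Assumed placeholder: the group DN
# CN=internet,CN=Users,DC=samba,DC=company,DC=com. Adjust to your directory.
#
# -W reads the bind password from a file instead of passing it with -w,
# so it does not appear in squid.conf or in the helper's process arguments.
# Make the file readable only by the user the Squid helper runs as.
#
# The memberOf clause makes the user search match only accounts that are
# direct members of the group. memberOf does not list nested-group
# membership or the account's primary group.
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -v 3 -s sub \
         -b "DC=samba,DC=company,DC=com" \
         -D CN=ldap_search_account,CN=Users,DC=samba,DC=company,DC=com \
         -W /etc/squid3/private/ldap-bind \
         -f (&(sAMAccountName=%s)(memberOf=CN=internet,CN=Users,DC=samba,DC=company,DC=com)) \
         -h dc.company.com

# Require a successful login, then deny everything else explicitly.
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth
http_access deny all
```

With this filter, an account outside the group fails authentication outright rather than being authenticated and then denied by an ACL.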




