[Samba] samba4 + squid 2.7 auth

L.P.H. van Belle belle at bazuin.nl
Fri Sep 5 07:11:54 MDT 2014


Yes, you can.
You can make groups and add users to it, add a timed acl to it.

For example, my workers here:
Internet-full ( group ) with time 8:15-17:00 have internet.
Restricted group with time 8:15-17:00 have internet to the site I allowed for them.
etc .. google around for it and beware of the version of squid and config you're using.
This link was what I used for my setup.

http://www.papercut.com/kb/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory 

and this is what you're looking for, I think

 -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=users,dc=your,dc=domain,dc=com))"

Greetz, 

Louis
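
The group-plus-time setup described above, written out as a squid.conf fragment. This is an added example, not part of the original message or of the linked article. It assumes squid 3.x with the ext_ldap_group_acl helper under /usr/lib/squid3/ and basic authentication already configured as in the quoted config below; the host dc1.your.domain.com, the bind account, the allowed_sites.txt path and the ACL names are placeholders.

```conf
# Group lookup helper: %v is replaced by the login name, %a by the group
# name given on the acl line. The -W file holds the bind password and
# should be readable only by the account squid runs as.
external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R \
         -b "DC=your,DC=domain,DC=com" \
         -D ldap-bind@your.domain.com -W /etc/squid3/private/ldap-bind \
         -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=users,dc=your,dc=domain,dc=com))" \
         -h dc1.your.domain.com

# Working hours, Monday to Friday (M T W H F), 08:15-17:00
acl workhours time MTWHF 08:15-17:00

# One acl per directory group; the last word is passed to the helper as %a
acl inet_full       external ldap_group Internet-full
acl inet_restricted external ldap_group Restricted

# Sites the Restricted group may reach (hypothetical file, one domain per line)
acl allowed_sites dstdomain "/etc/squid3/allowed_sites.txt"

# Order matters: first matching rule wins, everything else is denied
http_access allow inet_full workhours
http_access allow inet_restricted workhours allowed_sites
http_access deny all
```

The memberof test in this filter matches direct members of the group only; nested groups and a user's primary group do not match it.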

 

>-----Original message-----
>From: Agustín Dixan Díaz Corrales
>[mailto:agustin.dixan at esilt.azcuba.cu]
>Sent: Friday 5 September 2014 10:26
>To: L.P.H. van Belle; samba at lists.samba.org
>Subject: Re: [Samba] samba4 + squid 2.7 auth
>
>On 05/09/14 at #4, L.P.H. van Belle wrote:
>> Hai,
>>
>> beware of the config difference between all squid versions.
>> squid 2.7 is way old, and i really suggest you upgrade to at least squid 3.1. ( debian wheezy )
>> as for 3.3 there were lots of improvements for the newer protocols.
>> and there were kerberos fixes in 3.2 and up.
>> rebuilding from jessie to wheezy isn't that here, google for it.
>>
>> this is my setup for squid 3.3.8. ( debian wheezy, but squid rebuild from debian jessie )
>>
>> see the -f and -D parameter, this is for a kerberos based auth against AD domain.
>>
>> auth_param basic program /usr/lib/squid3/basic_ldap_auth -R \
>>          -b "OU=Users,DC=internal,DC=domain,DC=tld" \
>>          -D ldap-bind@internal.domain.tld -W /etc/squid3/private/ldap-bind \
>>          -f (|(userPrincipalName=%s)(sAMAccountName=%s)) \
>>          -h dc1.internal.domain.tld
>>
>> and this is the fallback for the above but ldap based.
>>
>> auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 \
>>           -b "DC=internal,DC=domain,DC=tld" \
>>           -D cn=ldap-bind,dc=internal,DC=domain,DC=tld  -W /etc/squid3/private/ldap-bind \
>>           -f uid=%s dc1.internal.domain.tld
>>
>> Greetz,
>>
>> Louis
>>
>>> -----Original message-----
>>> From: heupink at merit.unu.edu
>>> [mailto:samba-bounces at lists.samba.org] On behalf of mourik jan
>>> heupink - merit
>>> Sent: Thursday 4 September 2014 14:24
>>> To: samba at lists.samba.org
>>> Subject: Re: [Samba] samba4 + squid 2.7 auth
>>>
>>> These lines are for squid3, but work here:
>>>
>>>> auth_param basic program /usr/lib/squid3/squid_ldap_auth -v 3 -P -R -u cn -s sub -b "DC=samba,DC=company,DC=com" -D "CN=ldap_search_account,CN=Users,DC=samba,DC=company,DC=com" -w "ldap_search_account_password" -f "(&(sAMAccountName=%s))" -h dc.company.com
>>>> acl ldapauth proxy_auth REQUIRED
>>>> http_access allow ldapauth
>>>
>>> Hope this helps you,
>>> Mourik Jan
>>
>
>thanks a lot...can I define a group in samba, for example "internet", and
>only grant access to squid to users defined in this group of samba??