[Samba] samba4 + squid 2.7 auth
L.P.H. van Belle
belle at bazuin.nl
Fri Sep 5 07:11:54 MDT 2014
Yes, you can.
You can make groups and add users to it, and add a timed acl to it.
For example, my workers here:
Internet-full (group) with time 8:15-17:00 have internet.
Restricted group with time 8:15-17:00 have internet to the site I allowed for them.
Etc. Google around for it and beware of the version of squid and config you're using.
This link was what I used for my setup.
http://www.papercut.com/kb/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
And this is what you're looking for, I think:
-f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=users,dc=your,dc=domain,dc=com))"
Greetz,
Louis
>-----Original message-----
>From: Agustín Dixan Díaz Corrales
>[mailto:agustin.dixan at esilt.azcuba.cu]
>Sent: Friday 5 September 2014 10:26
>To: L.P.H. van Belle; samba at lists.samba.org
>Subject: Re: [Samba] samba4 + squid 2.7 auth
>
>On 05/09/14 at #4, L.P.H. van Belle wrote:
>> Hai,
>>
>> beware of the config difference between all squid versions.
>> squid 2.7 is way old, and i really suggest you upgrade to at least squid 3.1. ( debian wheezy )
>> as for 3.3 there were lots of improvements for the newer protocols.
>> and there were kerberos fixes in 3.2 and up.
>> rebuilding from jessie to wheezy isn't that here, google for it.
>>
>> this is my setup for squid 3.3.8. ( debian wheezy, but squid rebuild from debian jessie )
>>
>> see the -f and -D parameter, this is for a kerberos based auth against AD domain.
>>
>> auth_param basic program /usr/lib/squid3/basic_ldap_auth -R \
>> -b "OU=Users,DC=internal,DC=domain,DC=tld" \
>> -D ldap-bind at internal.domain.tld -W /etc/squid3/private/ldap-bind \
>> -f (|(userPrincipalName=%s)(sAMAccountName=%s)) \
>> -h dc1.internal.domain.tld
>>
>> and this is the fallback for the above but ldap based.
>>
>> auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 \
>> -b "DC=internal,DC=domain,DC=tld" \
>> -D cn=ldap-bind,dc=internal,DC=domain,DC=tld -W /etc/squid3/private/ldap-bind \
>> -f uid=%s dc1.internal.domain.tld
>>
>> Greetz,
>>
>> Louis
>>
>>> -----Original message-----
>>> From: heupink at merit.unu.edu
>>> [mailto:samba-bounces at lists.samba.org] On behalf of mourik jan
>>> heupink - merit
>>> Sent: Thursday 4 September 2014 14:24
>>> To: samba at lists.samba.org
>>> Subject: Re: [Samba] samba4 + squid 2.7 auth
>>>
>>> These lines are for squid3, but work here:
>>>
>>>> auth_param basic program /usr/lib/squid3/squid_ldap_auth -v 3 -P -R -u cn -s sub -b "DC=samba,DC=company,DC=com" -D "CN=ldap_search_account,CN=Users,DC=samba,DC=company,DC=com" -w "ldap_search_account_password" -f "(&(sAMAccountName=%s))" -h dc.company.com
>>>> acl ldapauth proxy_auth REQUIRED
>>>> http_access allow ldapauth
>>>
>>> Hope this helps you,
>>> Mourik Jan
>>
>
>Thanks a lot... can I define a group in samba, for example "internet", and
>only grant access to squid to users defined in this group of samba?
>
>
>
>
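The group and time restriction discussed in this thread, put together as one squid.conf fragment for Squid 3.x. This is an added example, not part of any poster's message. It assumes the Debian squid3 helper paths, the placeholder domain and bind account used in the thread, and a hypothetical allowed-sites file; the acl names are arbitrary.

```conf
# Added example (not from the thread). DNs, hostnames, the bind account and
# /etc/squid3/allowed-sites.txt are placeholders; adjust them to your domain.

# 1. Authenticate the user against AD over LDAP.
#    -W reads the bind password from a file instead of putting it on the
#    command line with -w, where it shows up in squid.conf and the process
#    list. Keep that file readable only by the Squid user.
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R \
    -b "DC=internal,DC=domain,DC=tld" \
    -D "ldap-bind@internal.domain.tld" -W /etc/squid3/private/ldap-bind \
    -f "(sAMAccountName=%s)" \
    -h dc1.internal.domain.tld
auth_param basic realm Proxy
auth_param basic credentialsttl 2 hours

# 2. Group lookup helper. %LOGIN passes the authenticated user name;
#    in the filter, %v is that user and %a is the group named on the acl line.
external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R \
    -b "DC=internal,DC=domain,DC=tld" \
    -D "ldap-bind@internal.domain.tld" -W /etc/squid3/private/ldap-bind \
    -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=users,dc=internal,dc=domain,dc=tld))" \
    -h dc1.internal.domain.tld

# 3. ACLs: who, when, where.
acl authenticated       proxy_auth REQUIRED
acl internet_full       external ldap_group Internet-full
acl internet_restricted external ldap_group Restricted
acl work_hours          time MTWHF 08:15-17:00
acl allowed_sites       dstdomain "/etc/squid3/allowed-sites.txt"

# 4. Rules are evaluated top to bottom; the first match wins.
http_access deny  !authenticated
http_access allow internet_full work_hours
http_access allow internet_restricted work_hours allowed_sites
http_access deny  all
```

The memberof filter matches direct members of the group only, so users who belong through a nested group are denied. Ending with `http_access deny all` makes every request outside the listed groups and hours fail closed.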