ALT Linux Community general discussions
* [Comm] Squid and NTLM authentication from a w2k domain
@ 2004-06-01 17:13 Peter Teslenko
  2004-06-02  2:55 ` [Comm] Squid and NTLM authentication from a w2k domain Nizamov Shavkat
  0 siblings, 1 reply; 4+ messages in thread
From: Peter Teslenko @ 2004-06-01 17:13 UTC (permalink / raw)
  To: community

Hello community,

If it's not too much trouble, please advise how to solve a problem.
There is a w2k domain in native mode.
A group named vip has been created in it, containing the users for squid.

On Linux, squid-2.5.STABLE4-20040220 was built
with this configure line:
./configure  --enable-auth=ntlm,basic --enable-basic-auth-helpers=winbind --enable-ntlm-auth-helpers=winbind
 --enable-external-acl-helpers=winbind_group --enable-delay-pools --with-samba-sources=/usr/local/src/samba-2.2.8a/

In squid.conf:

auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wb_group

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

acl good_url url_regex -i "/usr/local/squid/etc/acl/good_url"

acl filez_good url_regex -i "/usr/local/squid/etc/acl/filez_good"
acl filez urlpath_regex "/usr/local/squid/etc/acl/filez"

acl hernya url_regex "/usr/local/squid/etc/acl/hernya"
acl hernya_exclusion url_regex "/usr/local/squid/etc/acl/hernya_exclusion"
acl hernyaurl urlpath_regex "/usr/local/squid/etc/acl/hernyaurl"

acl banner url_regex "/usr/local/squid/etc/acl/banner"
acl banner_good url_regex "/usr/local/squid/etc/acl/banner_good"
acl bannerurl urlpath_regex "/usr/local/squid/etc/acl/bannerurl"
acl banner_exclusion url_regex "/usr/local/squid/etc/acl/banner_exclusion"

acl porno url_regex "/usr/local/squid/etc/acl/porno"
acl pornourl urlpath_regex "/usr/local/squid/etc/acl/pornourl"


acl MCICBUsers proxy_auth REQUIRED
acl vip_users external NT_global_group vip
http_access allow vip_users

http_access allow good_url
http_access allow filez_good
http_access allow banner_good

http_access deny hernya
http_access deny banner
http_access deny bannerurl
http_access deny filez
http_access deny vip_url

http_access allow MCICBUsers

http_access deny all


I want to give the vip group full access to the Internet and restrict
everyone else. Where did I trip up?

--
Peter Teslenko




* Re: [Comm] Squid and NTLM authentication from a w2k domain
  2004-06-01 17:13 [Comm] Squid and NTLM authentication from a w2k domain Peter Teslenko
@ 2004-06-02  2:55 ` Nizamov Shavkat
  2004-06-02  7:35   ` Re[2]: [Comm] Squid and NTLM authentication from a w2k domain Peter Teslenko
  0 siblings, 1 reply; 4+ messages in thread
From: Nizamov Shavkat @ 2004-06-02  2:55 UTC (permalink / raw)
  To: community

>
> I want to give the vip group full access to the Internet and restrict
> everyone else. Where did I trip up?
>

So what exactly is the problem?

PS: take a look at your "deny" files: are there any empty lines in them,
usually at the end?
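
The check suggested in this reply (empty lines in the pattern files behind the deny rules), together with a check that every ACL named in an http_access rule is defined, as an added example that is not part of the original thread. The parser covers only the acl and http_access forms seen in the posted squid.conf; the function names, sample patterns and temporary paths are constructed for illustration.

```python
import os
import tempfile

REGEX_TYPES = {"url_regex", "urlpath_regex"}  # ACL types that may load a pattern file

def parse_conf(text):
    """Return (acls, rules): acl name -> pattern files, and (action, [acl names])."""
    acls, rules = {}, []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop trailing comments
        if len(tok) >= 3 and tok[0] == "acl":
            files = acls.setdefault(tok[1], [])
            if tok[2] in REGEX_TYPES:
                files += [t.strip('"') for t in tok[3:] if t.startswith('"')]
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], [n.lstrip("!") for n in tok[2:]]))
    return acls, rules

def blank_lines(path):
    """1-based numbers of the lines that are empty or whitespace-only."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return [i for i, line in enumerate(fh, 1) if not line.strip()]

def lint(text):
    """Report undefined ACL names and blank lines in files behind deny rules."""
    acls, rules = parse_conf(text)
    undefined = sorted({n for _, names in rules for n in names if n not in acls})
    denied = {n for action, names in rules if action == "deny" for n in names}
    blank = {}
    for name in sorted(denied):
        for path in acls.get(name, []):
            if os.path.isfile(path) and (hits := blank_lines(path)):
                blank[path] = hits
    return {"undefined_acls": undefined, "blank_lines": blank}

def demo():
    """Lint a constructed excerpt modelled on the rules posted in the thread."""
    d = tempfile.mkdtemp()
    samples = {"banner": "ads\\.example\\.test\n\n", "filez": "\\.exe$\n"}  # constructed
    for name, body in samples.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(body)
    conf = (f'acl banner url_regex "{d}/banner"\nacl filez urlpath_regex "{d}/filez"\n'
            "acl MCICBUsers proxy_auth REQUIRED\nhttp_access allow MCICBUsers\n"
            "http_access deny banner\nhttp_access deny filez\nhttp_access deny vip_url\n")
    return d, lint(conf)

if __name__ == "__main__":
    print(demo()[1])
```

To run it against a real configuration, pass the file's text to `lint()`. In the squid.conf posted above, `http_access deny vip_url` names an ACL for which no `acl vip_url` line appears, which is the kind of finding the first check reports.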



* Re[2]: [Comm] Squid and NTLM authentication from a w2k domain
  2004-06-02  2:55 ` [Comm] Squid and NTLM authentication from a w2k domain Nizamov Shavkat
@ 2004-06-02  7:35   ` Peter Teslenko
  2004-06-02  8:04     ` Re[2]: [Comm] Squid and NTLM authentication from a w2k domain Mike Lykov
  0 siblings, 1 reply; 4+ messages in thread
From: Peter Teslenko @ 2004-06-02  7:35 UTC (permalink / raw)
  To: Nizamov Shavkat

Hello Nizamov,

Wednesday, June 2, 2004, 6:55:59 AM, you wrote:

>>
>> I want to give the vip group full access to the Internet and restrict
>> everyone else. Where did I trip up?
>>

NS> So what exactly is the problem?

In /usr/local/squid/var/log/cache.log I have this:

2004/06/01 20:14:14| Reconfiguring Squid Cache (version 2.5.STABLE4-20040220)...
2004/06/01 20:14:14| FD 26 Closing HTTP connection
2004/06/01 20:14:14| FD 27 Closing ICP connection
2004/06/01 20:14:14| DNS Socket created at 0.0.0.0, port 37998, FD 6
2004/06/01 20:14:14| Adding nameserver 81.23.107.58 from /etc/resolv.conf
2004/06/01 20:14:14| Adding nameserver 192.168.1.3 from /etc/resolv.conf
2004/06/01 20:14:14| Adding nameserver 192.168.1.1 from /etc/resolv.conf
2004/06/01 20:14:14| helperStatefulOpenServers: Starting 5 'wb_ntlmauth' processes
(wb_ntlmauth)[1177](wb_ntlm_auth.c:352): target domain is MCBFA
(wb_ntlmauth)[1176](wb_ntlm_auth.c:352): target domain is MCBFA
(wb_ntlmauth)[1178](wb_ntlm_auth.c:352): target domain is MCBFA
(wb_ntlmauth)[1179](wb_ntlm_auth.c:352): target domain is MCBFA
2004/06/01 20:14:14| helperOpenServers: Starting 5 'wb_auth' processes
(wb_ntlmauth)[1180](wb_ntlm_auth.c:352): target domain is MCBFA
2004/06/01 20:14:14| helperOpenServers: Starting 5 'wb_group' processes
2004/06/01 20:14:14| Accepting HTTP connections at 0.0.0.0, port 3128, FD 7.
2004/06/01 20:14:14| Accepting ICP messages at 0.0.0.0, port 3130, FD 25.
2004/06/01 20:14:14| WCCP Disabled.
2004/06/01 20:14:14| Loaded Icons.
2004/06/01 20:14:14| Ready to serve requests.
(wb_group)[1186](wb_check_group.c:231): Warning: Can't enum user groups.
(wb_group)[1186](wb_check_group.c:231): Warning: Can't enum user groups.

It's these last 2 lines that bother me.

NS> PS: take a look at your "deny" files: are there any empty lines in them,
NS> usually at the end?



-- 
Peter Teslenko
+7-812-9404035




* Re: Re[2]: [Comm] Squid and NTLM authentication from a w2k domain
  2004-06-02  7:35   ` Re[2]: [Comm] Squid and NTLM authentication from a w2k domain Peter Teslenko
@ 2004-06-02  8:04     ` Mike Lykov
  0 siblings, 0 replies; 4+ messages in thread
From: Mike Lykov @ 2004-06-02  8:04 UTC (permalink / raw)
  To: community

In a message of Wednesday 02 June 2004 12:35, Peter Teslenko wrote:

> (wb_group)[1186](wb_check_group.c:231): Warning: Can't enum user groups.
> (wb_group)[1186](wb_check_group.c:231): Warning: Can't enum user groups.

Write to samba@

-- 
Mike Lykov
Samara, "Vesna" parfum company, System administrator 


