From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <altlinux@aaanet.ru>
Message-ID: <444F3FE0.1030408@aaanet.ru>
Date: Wed, 26 Apr 2006 13:39:44 +0400
From: Igo <altlinux@aaanet.ru>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: ALT Linux Community <community@lists.altlinux.org>
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 8bit
Subject: [Comm] squid & AD
X-BeenThere: community@lists.altlinux.org
X-Mailman-Version: 2.1.7
Precedence: list
Reply-To: altlinux@aaanet.ru,
	ALT Linux Community <community@lists.altlinux.org>
List-Id: ALT Linux Community <community.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/community>,
	<mailto:community-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/community>
List-Post: <mailto:community@lists.altlinux.org>
List-Help: <mailto:community-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/community>,
	<mailto:community-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Apr 2006 09:39:49 -0000
Archived-At: <http://lore.altlinux.org/community/444F3FE0.1030408@aaanet.ru/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>

что то никак непроходит. постоянно пароль запрашивает броузер

[root@test squid]# wbinfo -t
checking the trust secret via RPC calls succeeded

[root@test squid]# ntlm_auth --helper-protocol=squid-2.5-basic
domen+name passwd
OK

[root@test usr]# [root@test squid]# cat squid.conf
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
ftp_user anonymous

debug_options ALL,9
#--require-membership-of=S-1-5-21-57989841-2147032053-725345543-1117
auth_param ntlm program /usr/bin/ntlm_auth 
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

external_acl_type ad_group %LOGIN "/usr/bin/wbinfo -n "

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl HTTP_GRP external ad_group http

acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 80 8080     # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl CONNECT method CONNECT

#wbinfo -n http
http_access allow HTTP_GRP Safe_ports

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports !Jabber_ports
http_access allow localhost
http_access deny all
http_reply_access allow all