RE: [squid-users] SquidNT Authentication Question
Hi Amos, Thanks for the feedback. You are right, I should check my terminology as I am in fact referring to Squid for Windows. I'll have a go with the 2.7 release today and advise if that solves my issue. Have a fun day! Jacques Kruger -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: 22 September 2009 06:31 To: Jacques Kruger (DHL NA) Cc: squid-users@squid-cache.org Subject: Re: [squid-users] SquidNT Authentication Question On Mon, 21 Sep 2009 15:56:42 +0200, Jacques Kruger \(DHL NA\) jacques.kru...@dhl.com wrote: Hi, I am currently using SquidNT (Version 2.6.STABLE13) as a local proxy in Side note; The old project 'SquidNT' is no longer existing. The current official Squid windows port is termed 'Squid for Windows' available only from Acme Consulting Ltd (http://squid.acmeconsulting.it/) and possibly soon the main squid-cache.org website. There are some copyright violators known using the old experimental project name to advertise an altered and dubious version of the Squid binary for profit. Please check you have the official Squid for windows software and kindly please assist us undermining the copyright violators by updating your terminology about Squid to the new name. Thank you. each of our smaller offices. I authenticate against MS Active Directory using a Global Group. I have noticed that the authentication has a limitation in that the helper seems not to check Group membership recursively, i.e. it will only look at the first result and if that result is a group, it will not check membership of the lower group. I have learned to live with this but changes in our AD policy will require me to make my internet access group a member of a higher group and I should then authenticate to the higher group, that will no work (I hope I'm making sense). I have treid this with 3.0.STABLE13-BZR and it persists. Any way to work around this? The new version of mswin_check_ad_group helper provided with 2.7.STABLE7 and later appears to have nested group support you are wanting. It should be available from Acme soon if not already. Amos
RE: [squid-users] SquidNT Authentication Question
Hi Guido, I would appreciate it if you can provide me with the executable. I have installed and configured 2.7 Stable and the authentication is not going as expected. The setup is as follows: GroupA with GroupB as a member. GroupB has testuser as a member. If I set authentication against GroupB everything works as expected. If I set Authentication against GroupA, the user is granted full access even if I remove the user from GroupB. Thanks in advance. Jacques Kruger -Original Message- From: Guido Serassio [mailto:guido.seras...@acmeconsulting.it] Sent: 22 September 2009 09:19 To: Jacques Kruger (DHL NA); Amos Jeffries Cc: squid-users@squid-cache.org Subject: R: [squid-users] SquidNT Authentication Question Hi, The binary kit of 2.7 STABLE7 is already available. But there are some little problems with the new helper regarding universal group usage. A new version will be available shortly. For now, if you like, I could provide to you the new executable. Regards -Messaggio originale- Da: Jacques Kruger (DHL NA) [mailto:jacques.kru...@dhl.com] Inviato: martedì 22 settembre 2009 8.32 A: Amos Jeffries Cc: squid-users@squid-cache.org Oggetto: RE: [squid-users] SquidNT Authentication Question Hi Amos, Thanks for the feedback. You are right, I should check my terminology as I am in fact referring to Squid for Windows. I'll have a go with the 2.7 release today and advise if that solves my issue. Have a fun day! Guido Serassio Acme Consulting S.r.l. Microsoft Gold Certified Partner Via Lucia Savarino, 110098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.seras...@acmeconsulting.it WWW: http://www.acmeconsulting.it
[squid-users] SquidNT Authentication Question
Hi, I am currently using SquidNT (Version 2.6.STABLE13) as a local proxy in each of our smaller offices. I authenticate against MS Active Directory using a Global Group. I have noticed that the authentication has a limitation in that the helper seems not to check Group membership recursively, i.e. it will only look at the first result and if that result is a group, it will not check membership of the lower group. I have learned to live with this but changes in our AD policy will require me to make my internet access group a member of a higher group and I should then authenticate to the higher group, that will no work (I hope I'm making sense). I have treid this with 3.0.STABLE13-BZR and it persists. Any way to work around this? Thanks in advance. Jacques Kruger
