Running Fedora Core1 We are using samba-3.0.2-7.FC1 and squid-2.5.STABLE3-1.fc1 (custom build with --enable-basic-auth-helpers="winbind")
Everything is working and the domain\username is listed in squid access log. What I would like to do, that I had done with wb_auth on Samba 2.2.8, is limit who can get out to the internet via NT global group membership. What I had done in that previous install was: external_acl_type NT_global_group ttl=300 %LOGIN /usr/local/squid/libexec/wb_group -c acl ProxyUsers external NT_global_group ProxyUsers acl password proxy_auth REQUIRED http_access allow password ProxyUsers I just can't find what I am looking for to duplicate this kind of action with ntlm_auth. Currently in my Fedora squid config auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl password proxy_auth REQUIRED http_access allow password ProxyUsers Not sure how to get the external_acl_type to work with ntlm_auth. any help appreciated.
