Koozali.org: home of the SME Server

Squid 2.5 using NTLM/Winbind

toby

Squid 2.5 using NTLM/Winbind
« on: October 02, 2002, 01:48:32 PM »
I have managed to set up Winbind on SME 5.5 and would like to integrate this with squid. I have followed the instructions and compiled it as per instructions with the NTLM authentication helpers and winbind but can't get it working. I would like to be able to use sarg to monitor domain users' internet usage. Any ideas?

Toby

Marcin K.

Re: Squid 2.5 using NTLM/Winbind
« Reply #1 on: December 10, 2002, 05:24:01 PM »
Yes.

I have the same problem, going step by step like in the howto.

Marcin K.

Re: Squid 2.5 using NTLM/Winbind
« Reply #2 on: December 10, 2002, 10:44:36 PM »
Yes, I found the problem!

I tried to use new software,
Squid-2.5.STABLE1-20021209 and Samba-2.2.7,
but in the new Samba (2.2.6 - 2.2.7) the 'interface' to
the winbind daemon has changed!

The Squid howto describes how to use the new Samba
with Squid (replace winbindd_nss.h in the Squid source),
but this trick doesn't work!

So I tried the new Squid (20021209) and
Samba 2.2.5 and it IS WORKING.
(Yes, you can say Samba 2.2.5 is old and has bugs,
but in this release winbind WORKS with Squid with no problems.)

OK, so what I did.
My Linux - Debian Woody 2.4.18
Software: Samba-2.2.5
Squid-2.5-stable1-20021209

Compiling/installing Samba
(I made a deb, but you can do this by hand)

./configure \
    --with-fhs \
    --prefix=/usr \
    --sysconfdir=/etc \
    --with-privatedir=/etc/samba \
    --localstatedir=/var \
    --with-netatalk \
    --with-smbmount \
    --with-pam \
    --with-syslog \
    --with-sambabook \
    --with-utmp \
    --with-readline \
    --with-pam_smbpass \
    --with-libsmbclient \
    --with-winbind \
    --with-winbind-auth-challenge \
    --with-msdfs \
    --with-automount
make clean
make
make install

/etc/samba/smb.conf
#-----------------------------------------------------------------
[global]
        # member of an NT domain; SRV is the domain controller
        security = domain
        workgroup = ----master-domain
        password server = SRV
        netbios name = mars
        encrypt passwords = true

        preferred master = no
        local master = no
        domain master = no

        name resolve order = wins host bcast
        character set = ISO8859-2
        client code page = 852
        code page directory = /usr/share/samba/codepages

        # winbind: map domain users and groups to local uid/gid ranges
        winbind separator = "\"
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        template homedir = /home/%D/%U
        template shell = /bin/bash
        winbind use default domain = yes
#-----------------------------------------------------------------

--- that's all -- Samba

Squid
./configure             \
    --enable-default-err-language=Polish                \
    --enable-err-languages="English"                    \
    --prefix=/usr/local/squid25                         \
    --enable-auth="ntlm,basic"                          \
    --enable-basic-auth-helpers="winbind"               \
    --enable-ntlm-auth-helpers="winbind"

make clean
make
make install

squid.conf
#-----------------------------------------------------------------

# the standard port is 3128
http_port 8081

auth_param ntlm program /usr/local/squid25/libexec/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/squid25/libexec/wb_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl AuthorizedUsers proxy_auth REQUIRED
http_access allow all AuthorizedUsers

cache_dir ufs /usr/local/squid25/var/cache 100 16 256

cache_effective_user proxy
cache_effective_group proxy
#-----------------------------------------------------------------

Start samba, winbind and squid.
Check:
wbinfo -u
wbinfo -g
If you see users from the DC, winbind is OK.

At this point, set the proxy on the Windows client ( > I.E 5.5 )
and open any page:
- if you are logged in to the domain,
the web page opens with no password prompt
- if not, a password box is displayed
In the squid access.log you should see
.... TCP_MISS/200 1679 GET http://www.google.pl/ domain\user DIRECT/216.239.39.101 text/html .....
It works!

PS. Sorry for my English.
Now I will try to do statistics in Sarg.
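
The per-user accounting the thread is after, as an added example that is not part of the original posts: a small parser that totals requests and bytes per domain user and lists requests that were served without an authenticated user, which should not occur under the proxy_auth REQUIRED rule in the squid.conf above. It assumes Squid's native access.log field order, as in the log line quoted in the post; the sample lines, the addresses and the EXAMPLE domain are constructed, and treating bare usernames as members of the default domain is an assumption.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = r"""
1039560000.101     12 192.0.2.10 TCP_DENIED/407 1720 GET http://www.example.com/ - NONE/- text/html
1039560000.150     10 192.0.2.10 TCP_DENIED/407 1850 GET http://www.example.com/ - NONE/- text/html
1039560000.420    230 192.0.2.10 TCP_MISS/200 1679 GET http://www.example.com/ EXAMPLE\alice DIRECT/198.51.100.7 text/html
1039560003.900     95 192.0.2.10 TCP_HIT/200 5200 GET http://www.example.com/logo.gif example\Alice NONE/- image/gif
1039560010.007    310 192.0.2.11 TCP_MISS/200 8421 GET http://www.example.org/ bob DIRECT/198.51.100.9 text/html
1039560020.500    120 192.0.2.12 TCP_MISS/200 900 GET http://www.example.net/ - DIRECT/198.51.100.3 text/html
truncated line
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3] or not f[4].isdigit():
        return None
    action, _, status = f[3].partition("/")
    return {"client": f[2], "action": action, "status": status,
            "bytes": int(f[4]), "url": f[6], "user": f[7]}

def normalize_user(user, default_domain="EXAMPLE"):
    """Fold DOMAIN\\user and bare user into one key (bare names assumed to be in the default domain)."""
    domain, sep, name = user.rpartition("\\")
    return f"{(domain if sep else default_domain).upper()}\\{name.lower()}"

def summarize(log_text):
    """Return (per-user usage, unauthenticated non-407 requests, malformed line count)."""
    usage = defaultdict(lambda: {"requests": 0, "bytes": 0})
    unauthenticated, malformed = [], 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        rec = parse_line(line)
        if rec is None:
            malformed += 1
        elif rec["user"] == "-":
            # 407 is the expected proxy-auth challenge; anything else got through without a user
            if rec["status"] != "407":
                unauthenticated.append((rec["client"], rec["url"]))
        else:
            u = usage[normalize_user(rec["user"])]
            u["requests"] += 1
            u["bytes"] += rec["bytes"]
    return dict(usage), unauthenticated, malformed
```

The TCP_DENIED/407 lines are the authentication challenges and are skipped on purpose; only user-less lines with any other status are reported.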