Okay. Seems to be working on my FreeBSD box.
For anyone who wants to know in the future.. setting up Squid to Authenticate via Samba3 to Active Directory Services:
squid.conf....
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
....
# Define the group
external_acl_type NT_global_group %LOGIN /usr/local/libexec/squid/wbinfo_group.pl
# Use the group
acl AllowedNTUsers external NT_global_group "/usr/local/etc/squid/acls/allowedntgroups"
acl LoggedInUsers proxy_auth REQUIRED
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow AllowedNTUsers LoggedInUsers
http_access deny !AllowedNTUsers
http_access deny !LoggedInUsers
# And finally deny all other access to this proxy
http_access deny all
Put the NT Groups to auth against into allowedntgroups:
eg
$ cat /usr/local/etc/squid/acls/allowedntgroups
"ITDepartment"
"IT Help Desk"
------------------------------------------------------------------------------
This communication, including any attachments, is confidential. If
you are not the intended recipient, you should not read it - please
contact me immediately, destroy it, and do not copy or use any part of
this communication or disclose anything about it.
------------------------------------------------------------------------------
Received on Wed Oct 27 2004 - 20:52:02 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:02 MST