Re: [squid-users] About ip_user_check with ADS groups

From: Helpdesk <helpdesk@dont-contact.us>
Date: Wed, 04 Oct 2006 09:11:42 +0200

Henrik Nordstrom ha scritto:
> mån 2006-10-02 klockan 13:47 +0200 skrev Helpdesk:
>> Hi,
>> I'm running squid-2.5.STABLE6-3.4E.12 and samba-3.0.10-1.4E.9 on CentOS
>> 4.4, all is working fine but I don't understand how to configure
>> external ip_user_check with AD group:
>
> No wonder, it's not something supported by ip_user_check.

My proxy server joined our active directory domanin (with samba,
kerberos,nsswitch etc.) so I think AD users/groups could be known to the
OS, an AD user can login via ssh, can access samba shares etc.

ip_user_check seem to know user but not group

> The only groups known to ip_user_check is the groups known to the OS.

nsswitch.conf:
...
passwd: files winbind
shadow: files
group: files winbind
...

> But you can combine other ACLs to get the desired results.
>
> For the explicit user names use ip_user as you already have.
>
> For l2 use a wbinfo_group acl + and src acl.

Yes - It works - but I would like to understand why ip_user_check
doesn't :-)
tkx

P.S.
Sorry for my wrong private posting
Received on Wed Oct 04 2006 - 01:11:53 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST