Henrik Nordstrom ha scritto:
> mån 2006-10-02 klockan 13:47 +0200 skrev Helpdesk:
>> Hi,
>> I'm running squid-2.5.STABLE6-3.4E.12 and samba-3.0.10-1.4E.9 on CentOS
>> 4.4, all is working fine but I don't understand how to configure
>> external ip_user_check with AD group:
>
> No wonder, it's not something supported by ip_user_check.
My proxy server joined our active directory domanin (with samba,
kerberos,nsswitch etc.) so I think AD users/groups could be known to the
OS, an AD user can login via ssh, can access samba shares etc.
ip_user_check seem to know user but not group
> The only groups known to ip_user_check is the groups known to the OS.
nsswitch.conf:
...
passwd: files winbind
shadow: files
group: files winbind
...
> But you can combine other ACLs to get the desired results.
>
> For the explicit user names use ip_user as you already have.
>
> For l2 use a wbinfo_group acl + and src acl.
Yes - It works - but I would like to understand why ip_user_check
doesn't :-)
tkx
P.S.
Sorry for my wrong private posting
Received on Wed Oct 04 2006 - 01:11:53 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Nov 01 2006 - 12:00:04 MST