[squid-users] Squid NTLM AD Group Delay Pools
Garth
garth1985 at gmail.com
Thu Aug 4 10:16:04 UTC 2016
Hi All
I am struggling with delay pools and Group AD. I have managed to narrow
down the problem to the AD Groups. If I do user auth, the delay pool
works perfectly. I have tried multiple groups from old to new just
in case. The AD Groups work for normal site access in the http_access
rules etc.
Is there a known issue with this? Is there a way to confirm the group
lookup is correct by the squid/winbind?
Squid Cache: Version 3.1.23
CentOS 6.8
external_acl_type ldap_group %LOGIN /usr/lib64/squid/squid_ldap_group -R -b "dc=example,dc=example" -f "(&(sAMAccountName=%v)(memberOf=cn=%a,ou=Security,ou=groups,dc=example,dc=example))" -D test@EXAMPLE.EXAMPLE -w testing -h 192.168.1.254
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 50
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 50
acl proxyusers-delaypool external ldap_group proxyusers-delaypool
acl proxyusers-nondelaypool external ldap_group proxyusers-nondelaypool
acl ftp.is url_regex ftp.is.co.za
acl socialsites url_regex "/etc/squid/socialsites.txt"
In the socialsites is the following:
.facebook.com
.facebook.co.za
.facebook.com:443
.youtube.com:443
.googlevideo.
.fbcdn.net
.akamaihd.net
.vimeocdn.com:443
delay_pools 4
delay_class 1 1
delay_class 2 2
delay_class 3 2
delay_class 4 1
delay_parameters 1 244000/552000
delay_parameters 2 524000/525000 524000/525000
delay_parameters 3 244000/254000 244000/254000
delay_parameters 4 244000/552000
delay_access 1 allow socialsites proxyusers-delaypool
delay_access 2 allow proxyusers-nondelaypool
delay_access 3 allow proxyusers-delaypool
delay_access 4 allow ftp.is proxyusers-delaypool
I am testing via wget and proxy input details into the bash profile. I
can confirm the username appears in the squid logs.
Any ideas?
Thanks
Garth
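
One way to check the group lookup outside Squid, as an added example that is not part of the original post: an external ACL helper such as squid_ldap_group reads "login group" lines on stdin and answers OK or ERR, so it can be queried by hand. The login `garth` and the `stub_helper` function are constructed stand-ins so the script runs offline.

```shell
#!/bin/sh
# Added example: query an external ACL helper by hand, as Squid does.
# With "%LOGIN" and one ACL argument, each lookup is a line "<login> <group>"
# on the helper's stdin; the helper answers "OK" (member) or "ERR".

# ask_helper LOGIN GROUP HELPER [ARGS...] -> prints OK, ERR or NO-REPLY
ask_helper() {
    login=$1 group=$2
    shift 2
    reply=$(printf '%s %s\n' "$login" "$group" | "$@" 2>/dev/null | head -n 1)
    verdict=${reply%% *}          # first word of the reply line
    echo "${verdict:-NO-REPLY}"   # empty reply: helper crashed or never answered
}

# Constructed stand-in for squid_ldap_group so the example runs offline:
# here only "garth" is a member of "proxyusers-delaypool".
stub_helper() {
    while read -r login group; do
        case "$login $group" in
            "garth proxyusers-delaypool") echo OK ;;
            *) echo ERR ;;
        esac
    done
}

# check_groups LOGIN HELPER [ARGS...]: test both groups named in the post.
check_groups() {
    user=$1
    shift
    for g in proxyusers-delaypool proxyusers-nondelaypool; do
        printf '%s %s -> %s\n' "$user" "$g" "$(ask_helper "$user" "$g" "$@")"
    done
}

check_groups garth stub_helper

# Against the real directory, pass the helper command from the post's
# external_acl_type line instead of stub_helper, e.g.:
#   check_groups garth /usr/lib64/squid/squid_ldap_group -R \
#     -b "dc=example,dc=example" -f "<filter from the post>" \
#     -D test@EXAMPLE.EXAMPLE -w testing -h 192.168.1.254
```

Use the login exactly as it appears in the Squid access log, since that is the string Squid hands to the helper as %LOGIN.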