Reply to seewo's post (#9)
RedHat9 2.4.20-8
samba-3.0.5-0.5. krb5-devel-1.2.7 squid-2.5.STABLE2.tar.gz
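My server is 2003.
I want to use NTLM for AD authentication.
On the server there is an account xh in the group wt.
Currently I use Linux as the proxy server (squid runs as the user test). Authentication is already set up and the machine has joined the domain.
Clients (Windows systems with IE set to use the LAN proxy, and also computers in the domain) can currently browse websites without entering a password.
It is only group-based access control (for example, allowing the wt group to go online) that I can never get to work. I have been looking for the cause.
I'll list part of the situation below; please take a look.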
samba-3.0.5-0.5.1.i386.rpm
samba-client-3.0.5-0.5.1.i386.rpm
samba-common-3.0.5-0.5.1.i386.rpm
#rpm -Uvh samb*
Below is the relevant Samba configuration file:
[global]
workgroup = IPVLINK.COM.CN
server string = Samba Server
printcap name = /etc/printcap
load printers = yes
printing = cups
log file = /var/log/samba/%m.log
max log size = 50
security = ads
realm = IPVLINK.COM.CN
password server = win2k3.IPVLINK.COM.CN
encrypt passwords = yes
wins server = win2k3.IPVLINK.COM.CN
dns proxy = no
winbind uid = 10000-20000
winbind gid = 10000-20000
template shell = /bin/false
winbind use default domain=yes
winbind separator=\
winbind enum users = yes
winbind enum groups = yes
Then I restarted the services and joined the domain:
net ads join -U administrator
[root@squidlinux root]# wbinfo -u
Administrator
Guest
SUPPORT_388945a0
WIN2K3$
krbtgt
IUSR_WIN2K3
IWAM_WIN2K3
evan
gavin
josie
__vmware_user__
WIN2003$
jay
jerry
xh
cdma
HOST/squidlinux
[root@squidlinux root]# wbinfo -g
BUILTINwinbind enum users = yesSystem Operators
BUILTINwinbind enum users = yesReplicators
BUILTINwinbind enum users = yesGuests
BUILTINwinbind enum users = yesPower Users
BUILTINwinbind enum users = yesPrint Operators
BUILTINwinbind enum users = yesAdministrators
BUILTINwinbind enum users = yesAccount Operators
BUILTINwinbind enum users = yesBackup Operators
BUILTINwinbind enum users = yesUsers
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Domain Admins
Domain Users
Domain Guests
Group Policy Creator Owners
DnsUpdateProxy
wt
hhhh
[root@squidlinux root]# wbinfo -r xh
Could not get groups for user xh
It cannot find the groups the user belongs to. I'm not sure whether the problem is in Samba?
Parameters used at compile time:
./configure --prefix=/usr/local/squid --enable-gnuregex --enable-async-io=80 --enable-icmp --enable-kill-parent-hack --enable-snmp --disable-ident-lookups --enable-err-language="Traditional_Chinese" --enable-poll --enable-linux-netfilter --enable-delay-pools --enable-snmp --enable-cache-digest --enable-auth="basic,ntlm" --enable-baisc-auth-helpers="NCSA" --enable-ntlm-auth-helpers="fakeauth" --enable-underscores --enable-arp-acl --enable-linux-netfilter --enable-external-acl-helpers="wbinfo_group"
Configuration file contents:
visible_hostname squidlinux
http_port 3128
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
cache_dir ufs /usr/local/squid/var/cache 1200 16 256
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 hours
external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
acl ProxyUsers external NT_global_group wt
acl AuthenticatedUsers proxy_auth REQUIRED
http_access allow AuthenticatedUsers ProxyUsers
cache_effective_user test
cache_effective_group test
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
reply_body_max_size 1048576 allow all
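Currently
squid runs as the user test.
If I comment out the lines colored blue,
the client (logged in as xh) can go online;
otherwise it cannot.
That is the current situation.
Could the original poster (could you leave contact details?) take a look for me?
Thanks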
[ Last edited by xh0871 on 2006-8-23 18:24 ]
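Added example, not part of the original post: the `wbinfo -g` output above prints the text `winbind enum users = yes` between `BUILTIN` and each group name, which is what smb.conf's documented rule that a line ending in `\` continues on the next line produces from `winbind separator=\`. The Python below is a simplified model of that rule, not Samba's parser; `SAMPLE`, `logical_lines` and `parse` are hypothetical names, and the sample is constructed from the config lines in the post.

```python
# Added example: simplified model of smb.conf line continuation (not Samba's parser).
# Constructed sample: winbind lines copied from the [global] section in the post.
SAMPLE = (
    "[global]\n"
    "winbind use default domain=yes\n"
    "winbind separator=\\\n"
    "winbind enum users = yes\n"
    "winbind enum groups = yes\n"
)


def logical_lines(text):
    """Join physical lines: a trailing backslash continues onto the next line."""
    parts, start = [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not parts:
            start = no
        parts.append(raw.strip())
        if parts[-1].endswith("\\"):
            parts[-1] = parts[-1][:-1]   # drop the backslash, keep reading
            continue
        yield start, parts
        parts = []
    if parts:                            # file ended on a continuation
        yield start, parts


def parse(text):
    """Return (params, findings); a finding is (line_no, key, swallowed_line)."""
    params, findings = {}, []
    for line_no, parts in logical_lines(text):
        joined = "".join(parts).strip()
        if not joined or joined[0] in "#;[" or "=" not in joined:
            continue
        key, value = (s.strip() for s in joined.split("=", 1))
        params[key.lower()] = value
        # A continuation line that is itself "key = value" was probably meant
        # to be its own parameter and has been absorbed into this value.
        for swallowed in parts[1:]:
            if "=" in swallowed:
                findings.append((line_no, key.lower(), swallowed))
    return params, findings


if __name__ == "__main__":
    params, findings = parse(SAMPLE)
    for line_no, key, swallowed in findings:
        print(f"line {line_no}: '{key}' swallowed the next line: {swallowed!r}")
    print("winbind separator =", repr(params["winbind separator"]))
```

Samba's default `winbind separator` is already `\`, so deleting that line keeps the intended separator and lets `winbind enum users` be read as its own parameter.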