Version:
OS: SUSE Linux Enterprise Server SP2 (x86_64)
Samba: version 4.4.2-29.4-3709-suse-sle_12-x86_64
Winbind: version 4.4.2-29.4-3709-suse-sle_12-x86_64
Squid:
Squid Cache: Version 3.5.21
Service Name: squid
Configure options: '--host=x86_64-suse-linux-gnu' '--build=x86_64-suse-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/lib' '--localstatedir=/var' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-dependency-tracking' '--disable-strict-error-checking' '--sysconfdir=/etc/squid' '--libexecdir=/usr/sbin' '--datadir=/usr/share/squid' '--sharedstatedir=/var/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/run/squid.pid' '--with-dl' '--enable-disk-io' '--enable-storeio' '--enable-removal-policies=heap,lru' '--enable-icmp' '--enable-delay-pools' '--enable-esi' '--enable-icap-client' '--enable-useragent-log' '--enable-referer-log' '--enable-kill-parent-hack' '--enable-arp-acl' '--enable-ssl-crtd' '--with-openssl' '--enable-forw-via-db' '--enable-cache-digests' '--enable-linux-netfilter' '--with-large-files' '--enable-underscores' '--enable-auth' '--enable-auth-basic' '--enable-auth-ntlm' '--enable-auth-negotiate' '--enable-auth-digest' '--enable-external-acl-helpers=ldap_group,eDirectory_userip,file_userip,kerberos_ldap_group,session,unix_group,wbinfo_group' '--enable-stacktraces' '--enable-x-accelerator-vary' '--with-default-user=squid' '--disable-ident-lookups' '--enable-follow-x-forwarded-for' '--disable-arch-native' 'build_alias=x86_64-suse-linux-gnu' 'host_alias=x86_64-suse-linux-gnu' 'CFLAGS=-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fPIE -fPIC -DOPENSSL_LOAD_CONF' 'LDFLAGS=-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -pie' 'CXXFLAGS=-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fPIE -fPIC -DOPENSSL_LOAD_CONF' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
Configuration
1. Samba:
[global]
workgroup = XXXX
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = No
netbios name = Proxy-xxx
security = ADS
wins support = No
realm = xxx.com
template homedir = /home/%D/%U
winbind refresh tickets = yes
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config ASIA : backend = rid
idmap config ASIA : range = 500-10000000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = Yes
2. /etc/krb5.conf
[libdefaults]
default_realm = xxx.com
clockskew = 300
[realms]
ASIA.MURATA.COM = {
kdc = X1.XXX.COM
default_domain = xxx.com
admin_server = X1.XXX.COM
}
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[domain_realm]
.asia.murata.com = ASIA.MURATA.COM
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
minimum_uid = 1
clockskew = 300
external = sshd
use_shmem = sshd
}
3. Squid
#---------START of PAN China PROXY CONFIG---------
cache_mgr xxx ([email protected]
#---Authentication---
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 300
#auth_param ntlm keep_alive on
auth_param ntlm max_challenge_reuses 0
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 300
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
#authenticate_ttl 1 hour
external_acl_type wbinfo_check %LOGIN /usr/sbin/ext_wbinfo_group_acl
acl allowed_group external wbinfo_check xxx-internetusers
# NOTE: the "allowedsites" ACL is not defined anywhere in this excerpt; Squid treats an
# undefined ACL name in http_access as a fatal configuration error, so it must be defined
# (presumably a destination-domain list) before this line.
http_access allow allowed_group allowedsites
#---Settings & optimization---
http_port 8888
icp_port 3130
hosts_file /etc/hosts
#dns_nameservers 114.114.115.115 114.114.114.114 8.8.4.4 8.8.8.8
half_closed_clients off
maximum_object_size 4 MB
ipcache_size 10240
ignore_expect_100 on
#never_direct allow all
#forwarded_for delete
#via off
cache_swap_low 90
cache_swap_high 95
memory_pools off
4. Test result
kinit <user>
klist
net ads join -U <admin>                 (join the domain)
wbinfo -t                               (confirm the domain join succeeded)
wbinfo --group-info 'xxx\Domain Users'  (if this errors, enable IPv6 and check the idmap settings in smb.conf)
wbinfo -a 'xxx\testuser%password'       (test a domain user name and password; the password is passed on the command line, so it lands in the shell history)
5. /usr/sbin/ext_wbinfo_group_acl
Checks whether the authenticated user is a member of a Windows AD group.
Squid parameter explanation:
1. max_user_ip — a single user seen from more than the configured number of IP addresses (2 in the settings below) is denied.
2. proxy_auth REQUIRED — AD domain users are authenticated without a password prompt; all other users must supply a username and password (via basic auth, which sends them base64-encoded rather than encrypted).
3. authenticate_ip_ttl — how long Squid keeps an authenticated user bound to an IP address.
acl FOO max_user_ip 2
acl BAR proxy_auth REQUIRED
http_access deny FOO
http_access allow BAR
2.
This article is from the "Mo Sky" blog, please be sure to keep this source http://silversnow.blog.51cto.com/285506/1974577
Squid 3.5/windowsad Group