[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re[2]: [suse-security] Squid Update ?

Am Donnerstag, 23. Oktober 2003 17:04 schrieb André Sänger:
> Hello Roman,
> Thursday, October 23, 2003, 4:16:01 PM, you wrote:
> > impossible, you mean ftp.suse.com.
> Sorry, you´re right.
> > Please simply try it out.
> As I told I did that and it works. I just wondered if it was the
> proper way to do it.
> Although I found two external helpers to do the job
>   wbinfo_group           matches users to NT groups using wbinfo
>   winbind_group          matches users to NT groups using winbind
> direcly
> neither of them is included in the squid binary rpm.
> Just wondered if there was a reason for that (they are available in
> squid-2.5.STABLE1-63.src.rpm). Or maybe some other way SuSE thought
> of for that functionality.
> So I just tried using wbinfo_group.pl manually.
we are using this together with several Active directory server for 
authentication, but i never found an rpm.
You have to compile a new version of squid (--with-ntlm-auth and 
--with-wb_group or so...), install a recent samba version, start the 
winbind server and try it out! 
By far the trickiest parts were:
- entering the ad domain, receiving and keeping (even after ads reboot!) 
a trusted position (vertrauensstellung, i don't know the english word)
how did anybody else solve this? i'm not content with the skript we 
have, because there's a password in it. 
The Problem is after the ads server reboots, it forgets that the linux 
host is a trusted host and therefore no auth data is being sent 
- finding the exact syntax for wb_group
- integrating the self-compiled squid in webmin for admin purposes.
however, it works, but it's not trivial.
> --
> Best regards,
>  André                            mailto:Andre.Saenger@xxxxxx
Mit freundlichen Grüßen
Markus Feilner
Linux Solutions, Training, Seminare und Workshops - auch Inhouse
Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg
fon: +49 941 70 65 23  - mobil: +49 170 302 709 2 
web: http://feilner-it.net mail: mfeilner@xxxxxxxxxxxxxx

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here