Ugh, I am trying to get Squid to deny access to a particular AD group, but when I enable the rule, it denies everyone.
This is what I have in squid.conf:

# NTLM
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15
auth_param ntlm keep_alive on

# Limit access for Factory users
external_acl_type nt_group %LOGIN /usr/lib64/squid/ext_wbinfo_group_acl
acl FactoryDeny external nt_group sec_deny_internet
http_access deny FactoryDeny

acl auth proxy_auth REQUIRED
http_access deny !auth
http_access allow auth

-=-

I have verified the ext_wbinfo_group_acl works:

<blockquote>
[root@fac-proxy squid]# ./ext_wbinfo_group_acl -d
Debugging mode ON.
user sec_vpn_users
Got user sec_vpn_users from squid
User: -user- Group: -sec_vpn_users- SID: -S-1-5-21-1978138449-291607360-3720246513-19354- GID: -1677721-
Sending OK to squid
OK
user sec_deny_internet
Got user sec_deny_internet from squid
User: -user- Group: -sec_deny_internet- SID: -S-1-5-21-1978138449-291607360-3720246513-18148- GID: -1677721-
Sending ERR to squid
ERR
</blockquote>

Because this is a production server there's a bunch of traffic on it so I can't catch too much of the log, but this is what I can see with debugging turned on:

<blockquote>
2016/09/13 23:22:32.552 kid1| Acl.cc(336) matches: ACLList::matches: checking FactoryDeny
2016/09/13 23:22:32.552 kid1| Acl.cc(319) checklistMatches: ACL::checklistMatches: checking 'FactoryDeny'
2016/09/13 23:22:32.552 kid1| Acl.cc(321) checklistMatches: ACL::ChecklistMatches: result for 'FactoryDeny' is -1
2016/09/13 23:22:32.552 kid1| Acl.cc(343) matches: FactoryDeny failed.
2016/09/13 23:22:32.552 kid1| Acl.cc(354) matches: FactoryDeny result is false
</blockquote>

If the result is false then the deny should be false and it should continue to the next rule, right? Please help, I don't get it...