FreeBSD - FreeBSD and a forest of domains. Squid refuses authentication
I have run into a problem with authentication in squid (NTLM authentication type) in the subdomains. There is a forest of domains: cdc1 - sigma.local (NetBIOS name Sigma), pdc2 - step.sigma.local (NetBIOS name step_sigma), pdc3 - ber.sigma.local (NetBIOS name ber_sigma); they are all connected via IPsec. Everyone needs to go out to the Internet through the main gateway.

The gist of the problem: Squid authenticates users only from the main domain (cdc1 - sigma.local); the others it denies (1253100188.939 42 192.168.4.51 TCP_DENIED/407 1799 GET http://en-us.start2.mozilla.com/firefox? - NONE/- text/html), although it does see them.

I have a feeling that somewhere I did not specify a password server for the additional domains. Please tell me where this is configured and what the syntax is.

Config:

SQUID

http_port 3128
#https_port 443
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 128 MB
error_directory /usr/local/share/errors/Russian-koi8-r
maximum_object_size 16384 KB
visible_hostname PROXY.SIGMA.LOCAL
memory_pools off
#memory_pools_limit 10000
cache_dns_program /usr/local/libexec/squid/dnsserver
cache_dir ufs /usr/local/squid/cache 5000 16 256
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
ftp_user enokentiy@sigma.ru
quick_abort_pct 60
negative_ttl 1 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
half_closed_clients on
cache_mgr admin@sigma.zp.ua
cache_effective_user squid
cache_effective_group squid
forwarded_for off
client_db on
acl ip src "/usr/local/squid/db/ip.txt"
http_access allow ip
##NTLM
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="SIGMA//internet"
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="SIGMA"
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="SIGMA//internet"
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="STEP_SIGMA//internet"
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="STEP_SIGMA"
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="STEP_SIGMA//internet"
#LDAP
#BASIC
auth_param ntlm keep_alive on
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="SIGMA"
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
external_acl_type nt_group %LOGIN /usr/local/libexec/squid/wbinfo_group.pl
acl vse_ src 0.0.0.0/0.0.0.0
acl internet external nt_group internet
acl internet_limit external nt_group internet_limit
acl internet_corp external nt_group internet_corp
acl allow_resurs dstdomain "/usr/local/squid/db/allow"
acl deny_resurs dstdomain "/usr/local/squid/db/deny"
##acl deny_baners dstdomain "/usr/local/squid/db/pcre"
#acl deny_urls dstdomain "/usr/local/squid/db/urls"
#acl deny_jurls dstdomain "/usr/local/squid/db/jurls"
#acl deny_mp3 dstdomain "/usr/local/squid/db/mp3"
#acl deny_porno dstdomain "/usr/local/squid/db/porno"
acl mail dstdomain "/usr/local/squid/db/mail"
#acl en url_regex -i "/usr/local/squid/db/fuck"
#http_access deny internet_corp en
#acl deny_uaru dstdomain "/usr/local/squid/db/uaru"
#http_access deny internet_corp deny_uaru
#http_access deny internet_corp deny_porno
#http_access deny internet_corp deny_mp3
#http_access deny internet_corp deny_jurls
#http_access deny internet_corp deny_urls
#http_access deny internet_corp deny_baners
http_access deny internet_corp deny_resurs
http_access allow internet_corp
http_access allow internet
http_access allow internet_limit allow_resurs
http_access allow vse_ mail
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 44016
acl Safe_ports port 44017
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access allow all
url_rewrite_program /usr/local/rejik/redirector /usr/local/rejik/redirector.conf

smb.conf

workgroup = SIGMA
server string = Samba Server
security = ads
hosts allow = 192.168.1. 192.168.2. 192.168.3. 192.168.4. 127.
load printers = no
show add printer wizard = no
printing = none
printcap name = /dev/null
disable spoolss = yes
log file = /var/log/samba/log.%m
max log size = 200
password server = osndc.sigma.local step.sigma.local
realm = SIGMA.LOCAL
passdb backend = tdbsam
socket options = TCP_NODELAY
local master = no
os level = no
domain master = no
preferred master = no
wins server = 192.168.1.2
wins proxy = yes
dns proxy = yes
display charset = koi8-r
unix charset = koi8-r
dos charset = cp866
/bin/false %u
encrypt passwords = yes
winbind separator = /
winbind use default domain = yes
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
nt acl support = yes
inherit acls = yes
map acl inherit = yes
[homes]
comment = Home Directories
browseable = no
writable = yes

krb5.conf

[libdefaults]
default_realm = SIGMA.LOCAL
clockskew = 300
v4_instance_resolve = false
dns_lookup_realm = false
dns_lookup_kdc = false
dns_get_tickets = false
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc-crc des-cbc-md5
v4_name_convert = {
    host = {
        rcmd = host
        ftp = ftp
    }
    plain = {
        something = something-else
    }
}
[appdefaults]
proxiable = true
ticket_lifetime = 24h
debug = false
forwardable = true
krb4_convert = false
[realms]
SIGMA.LOCAL = {
    kdc = tcp/osndc.sigma.local
    admin_server = osndc.sigma.local
    defualt_domain = sigma.local
}
STEP.SIGMA.LOCAL = {
    kdc = tcp/step.sigma.local
    admin_server = step.sigma.local
    defualt_domain = step.sigma.local
BER.SIGMA.LOCAL = {
    kdc = tcp/ber.sigma.local
    admin_server = ber.sigma.local
    defualt_domain = ber.sigma.local
}
[domain_realm]
.sigma.local = SIGMA.LOCAL
sigma.local = SIGMA.LOCAL
.step.sigma.local = SIGMA.LOCAL
step.sigma.local = SIGMA.LOCAL
ber.sigma.local = SIGMA.LOCAL
.ber.sigma.local = SIGMA.LOCAL
[logging]
default = FELE:/var/log/kerberos/krb5libs.log

In winbind.log there is this entry: libads/ldap_utils.c:ads_do_search_retry_internal(115) ads reopen failed after error Referral

All my logs are publicly available here; please tell me what else I have missed: ftp://91.189.129.242/log/
|
Posted: 17:50, 01-10-2009
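Added example, not part of the original post: a small offline lint for the two config files quoted above. Squid keeps a single helper command per authentication scheme, so of several `auth_param ntlm program` lines only the last one takes effect; the krb5.conf checks flag unbalanced realm braces, the misspelled `defualt_domain` key, and `[domain_realm]` entries that map a child domain to the parent realm although `[realms]` declares a realm of its own for it. The excerpts are constructed from the posted configs, trimmed to the directives the checks inspect.

```python
import re
from collections import defaultdict

# Constructed excerpts of the squid.conf and krb5.conf quoted in the post (trimmed).
SQUID_CONF = """\
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="SIGMA//internet"
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="SIGMA"
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="STEP_SIGMA"
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp -require-membership-of="SIGMA"
"""
KRB5_CONF = """\
[realms]
SIGMA.LOCAL = { kdc = tcp/osndc.sigma.local defualt_domain = sigma.local }
STEP.SIGMA.LOCAL = { kdc = tcp/step.sigma.local defualt_domain = step.sigma.local
BER.SIGMA.LOCAL = { kdc = tcp/ber.sigma.local defualt_domain = ber.sigma.local
}
[domain_realm]
.sigma.local = SIGMA.LOCAL
.step.sigma.local = SIGMA.LOCAL
.ber.sigma.local = SIGMA.LOCAL
"""

def squid_auth_programs(conf):
    """Scheme -> its 'auth_param <scheme> program' lines in file order; Squid runs only the last one."""
    progs = defaultdict(list)
    for line in conf.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[0] == "auth_param" and parts[2] == "program":
            progs[parts[1]].append(parts[3])
    return dict(progs)

def krb5_problems(conf):
    """Findings: unbalanced braces, misspelled 'defualt_domain', and [domain_realm] lines sending a domain to a foreign realm."""
    findings, section, realms = [], None, set()
    if conf.count("{") != conf.count("}"):
        findings.append("unbalanced braces: every 'REALM = {' needs a closing '}'")
    if "defualt_domain" in conf:
        findings.append("key 'defualt_domain' is misspelled (libkrb5 ignores it)")
    for line in (l.strip() for l in conf.splitlines()):
        if line.startswith("["):                      # section header, e.g. [realms]
            section = line.strip("[]")
        elif section == "realms" and (m := re.match(r"([\w.-]+)\s*=\s*\{", line)):
            realms.add(m.group(1).upper())            # realm declared as 'NAME = {'
        elif section == "domain_realm" and (m := re.match(r"\.?([\w.-]+)\s*=\s*([\w.-]+)$", line)):
            domain, realm = m.group(1).upper(), m.group(2).upper()
            if domain in realms and domain != realm:  # child domain has its own realm but is mapped elsewhere
                findings.append(f"'{line}' maps hosts of {domain} to {realm}, not to their own realm")
    return findings
```

Run the two functions against the real files to see which helper line Squid actually uses and which krb5.conf lines to look at first.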