При настройке этой связке опирался на статью http://www.lissyara.su/articles/freebsd ... ejik-ntlm/
Собственно все запускается без ошибок, самс работает, сквид тоже, базы данных успешно созданы, самс видит пользователей домена, а следовательно и winbind работает замечательно. Проверял как работает хэлпер /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic-хелпер работает на ура. Но проблема заключается в том, что авторизации как я понимаю никакой и не происходит. Прокси пускает в инет всех и вся, даже тех пользователей, которые вовсе в домене не состоят.
На всякий случай выложу конфиг сквиды и логи оного. Может кто подскажет что я сделал не так.
squid.conf
Код: Выделить всё
# created by SAMS _sams_ 2013-7-3 10:16:50
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8<---># RFC1918 possible internal network
acl localnet src 172.16.0.0/12<># RFC1918 possible internal network
acl localnet src 192.168.0.0/16># RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80<><------># http
acl Safe_ports port 21<><------># ftp
acl Safe_ports port 443><------># https
acl Safe_ports port 70<><------># gopher
acl Safe_ports port 210><------># wais
acl Safe_ports port 1025-65535<># unregistered ports
acl Safe_ports port 280><------># http-mgmt
acl Safe_ports port 488><------># gss-http
acl Safe_ports port 591><------># filemaker
acl Safe_ports port 777><------># multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
#http_access deny all
# And finally deny all other access to this proxy
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="UST+proxy_connection"
auth_param ntlm children 30
auth_param ntlm keep_alive off
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="UST+proxy_connection"
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
http_access allow localhost
acl UST proxy_auth REQUIRED
http_access allow UST
http_access deny all
# Squid normally listens to port 3128
http_port 3128
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/squid/cache 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/squid/cache
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:<-><------>1440<-->20%<--->10080
refresh_pattern ^gopher:<------>1440<-->0%<---->1440
refresh_pattern -i (/cgi-bin/|\?) 0<--->0%<---->0
refresh_pattern .<-----><------>0<----->20%<--->4320
Код: Выделить всё
1372827627.312 6030 192.168.2.186 TCP_MISS/200 2257 CONNECT aus3.mozilla.org:443 - DIRECT/63.245.217.44 -
1372827651.897 80 192.168.2.186 TCP_MISS/200 494 GET http://chat17.livetex.ru/? - DIRECT/62.33.104.143 text/javascript
1372827702.025 101 192.168.2.186 TCP_MISS/200 494 GET http://chat17.livetex.ru/? - DIRECT/62.33.104.143 text/javascript
1372827752.233 90 192.168.2.186 TCP_MISS/200 494 GET http://chat17.livetex.ru/? - DIRECT/62.33.104.143 text/javascript
1372827802.373 98 192.168.2.186 TCP_MISS/200 494 GET http://chat17.livetex.ru/? - DIRECT/62.33.104.143 text/javascript
1372827852.492 85 192.168.2.186 TCP_MISS/200 492 GET http://chat17.livetex.ru/? - DIRECT/62.33.104.143 text/javascript
1372827902.631 93 192.168.2.186 TCP_MISS/200 494 GET http://chat17.livetex.ru/? - DIRECT/62.33.104.143 text/javascript
1372827952.776 89 192.168.2.186 TCP_MISS/200 494 GET http://chat17.livetex.ru/? - DIRECT/62.33.104.143 text/javascript
/var/log/squid/cache.log
Код: Выделить всё
2013/07/03 09:06:04| Open FD READ/WRITE 8 DNS Socket IPv4
2013/07/03 09:06:04| Open FD UNSTARTED 9 ntlm_auth #1
2013/07/03 09:06:04| Open FD READ/WRITE 10 Waiting for next request
2013/07/03 09:06:04| Open FD UNSTARTED 11 ntlm_auth #2
2013/07/03 09:06:04| Open FD UNSTARTED 13 ntlm_auth #3
2013/07/03 09:06:04| Open FD UNSTARTED 15 ntlm_auth #4
2013/07/03 09:06:04| Open FD UNSTARTED 17 ntlm_auth #5
2013/07/03 09:06:04| Open FD UNSTARTED 19 ntlm_auth #6
2013/07/03 09:06:04| Open FD UNSTARTED 21 ntlm_auth #7
2013/07/03 09:06:04| Open FD UNSTARTED 23 ntlm_auth #8
2013/07/03 09:06:04| Open FD UNSTARTED 25 ntlm_auth #9
2013/07/03 09:06:04| Open FD UNSTARTED 27 ntlm_auth #10
2013/07/03 09:06:04| Open FD UNSTARTED 29 ntlm_auth #11
2013/07/03 09:06:04| Open FD UNSTARTED 31 ntlm_auth #12
2013/07/03 09:06:04| Open FD UNSTARTED 33 ntlm_auth #13
2013/07/03 09:06:04| Open FD UNSTARTED 35 ntlm_auth #14
2013/07/03 09:06:04| Open FD UNSTARTED 37 ntlm_auth #15
2013/07/03 09:06:04| Open FD UNSTARTED 39 ntlm_auth #16
2013/07/03 09:06:04| Open FD UNSTARTED 41 ntlm_auth #17
2013/07/03 09:06:04| Open FD UNSTARTED 43 ntlm_auth #18
2013/07/03 09:06:04| Open FD UNSTARTED 45 ntlm_auth #19
2013/07/03 09:06:04| Open FD UNSTARTED 47 ntlm_auth #20
2013/07/03 09:06:04| Open FD UNSTARTED 49 ntlm_auth #21
2013/07/03 09:06:04| Open FD UNSTARTED 51 ntlm_auth #22
2013/07/03 09:06:04| Open FD UNSTARTED 53 ntlm_auth #23
2013/07/03 09:06:04| Open FD UNSTARTED 55 ntlm_auth #24
2013/07/03 09:06:04| Open FD UNSTARTED 57 ntlm_auth #25
2013/07/03 09:06:04| Open FD UNSTARTED 59 ntlm_auth #26
2013/07/03 09:06:04| Open FD UNSTARTED 61 ntlm_auth #27
2013/07/03 09:06:04| Open FD UNSTARTED 63 ntlm_auth #28
2013/07/03 09:06:04| Open FD UNSTARTED 65 ntlm_auth #29
2013/07/03 09:06:04| Open FD UNSTARTED 67 ntlm_auth #30
2013/07/03 09:06:04| Open FD UNSTARTED 69 ntlm_auth #1
2013/07/03 09:06:04| Open FD UNSTARTED 71 ntlm_auth #2
2013/07/03 09:06:04| Open FD UNSTARTED 73 ntlm_auth #3
2013/07/03 09:06:04| Open FD UNSTARTED 75 ntlm_auth #4
2013/07/03 09:06:04| Open FD UNSTARTED 77 ntlm_auth #5
2013/07/03 09:06:04| Squid Cache (Version 3.1.23): Exiting normally.
2013/07/03 09:06:52| Creating Swap Directories
2013/07/03 09:07:19| Starting Squid Cache version 3.1.23 for amd64-portbld-freebsd9.1...
2013/07/03 09:07:19| Process ID 87713
2013/07/03 09:07:19| With 11095 file descriptors available
2013/07/03 09:07:19| Initializing IP Cache...
2013/07/03 09:07:19| DNS Socket created at 0.0.0.0, FD 7
2013/07/03 09:07:19| Adding domain ust from /etc/resolv.conf
2013/07/03 09:07:19| Adding nameserver 192.168.2.9 from /etc/resolv.conf
2013/07/03 09:07:19| Adding nameserver 192.168.2.16 from /etc/resolv.conf
2013/07/03 09:07:19| helperOpenServers: Starting 30/30 'ntlm_auth' processes
2013/07/03 09:07:19| helperOpenServers: Starting 5/5 'ntlm_auth' processes
2013/07/03 09:07:19| Unlinkd pipe opened on FD 82
2013/07/03 09:07:19| Store logging disabled
2013/07/03 09:07:19| Swap maxSize 0 + 262144 KB, estimated 20164 objects
2013/07/03 09:07:19| Target number of buckets: 1008
2013/07/03 09:07:19| Using 8192 Store buckets
2013/07/03 09:07:19| Max Mem size: 262144 KB
2013/07/03 09:07:19| Max Swap size: 0 KB
2013/07/03 09:07:19| Using Least Load store dir selection
2013/07/03 09:07:19| Set Current Directory to /var/squid/cache
2013/07/03 09:07:19| Loaded Icons.
2013/07/03 09:07:19| Accepting HTTP connections at 0.0.0.0:3128, FD 83.
2013/07/03 09:07:19| HTCP Disabled.
2013/07/03 09:07:19| Adaptation support is off.
2013/07/03 09:07:19| Ready to serve requests.
2013/07/03 09:07:20| storeLateRelease: released 0 objects
2013/07/03 09:09:33| Squid is already running! Process ID 87713
2013/07/03 10:14:15| Reconfiguring Squid Cache (version 3.1.23)...
2013/07/03 10:14:15| FD 83 Closing HTTP connection
2013/07/03 10:14:15| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2013/07/03 10:14:15| aclIpParseIpData: IPv6 has not been enabled.
2013/07/03 10:14:15| aclIpParseIpData: IPv6 has not been enabled.
2013/07/03 10:14:15| Adaptation support is off.
2013/07/03 10:14:15| Store logging disabled
2013/07/03 10:14:15| DNS Socket created at 0.0.0.0, FD 8
2013/07/03 10:14:15| Adding domain ust from /etc/resolv.conf
2013/07/03 10:14:15| Adding nameserver 192.168.2.9 from /etc/resolv.conf
2013/07/03 10:14:15| Adding nameserver 192.168.2.16 from /etc/resolv.conf
2013/07/03 10:14:15| helperOpenServers: Starting 30/30 'ntlm_auth' processes
2013/07/03 10:14:16| helperOpenServers: Starting 5/5 'ntlm_auth' processes
2013/07/03 10:14:16| Accepting HTTP connections at 0.0.0.0:3128, FD 80.
2013/07/03 10:14:16| HTCP Disabled.
2013/07/03 10:14:16| Loaded Icons.
2013/07/03 10:14:16| Ready to serve requests.
2013/07/03 10:16:51| Reconfiguring Squid Cache (version 3.1.23)...
2013/07/03 10:16:51| FD 80 Closing HTTP connection
2013/07/03 10:16:51| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
2013/07/03 10:16:51| aclIpParseIpData: IPv6 has not been enabled.
2013/07/03 10:16:51| aclIpParseIpData: IPv6 has not been enabled.
2013/07/03 10:16:51| Adaptation support is off.
2013/07/03 10:16:51| Store logging disabled
2013/07/03 10:16:51| DNS Socket created at 0.0.0.0, FD 8
2013/07/03 10:16:51| Adding domain ust from /etc/resolv.conf
2013/07/03 10:16:51| Adding nameserver 192.168.2.9 from /etc/resolv.conf
2013/07/03 10:16:51| Adding nameserver 192.168.2.16 from /etc/resolv.conf
2013/07/03 10:16:51| helperOpenServers: Starting 30/30 'ntlm_auth' processes
2013/07/03 10:16:51| helperOpenServers: Starting 5/5 'ntlm_auth' processes
2013/07/03 10:16:51| Accepting HTTP connections at 0.0.0.0:3128, FD 80.
2013/07/03 10:16:51| HTCP Disabled.
2013/07/03 10:16:51| Loaded Icons.
2013/07/03 10:16:51| Ready to serve requests.
2013/07/03 10:20:38| Preparing for shutdown after 140 requests
2013/07/03 10:20:38| Waiting 30 seconds for active connections to finish
2013/07/03 10:20:38| FD 80 Closing HTTP connection
2013/07/03 10:21:09| Shutting down...
2013/07/03 10:21:09| basic/auth_basic.cc(97) done: Basic authentication Shutdown.
2013/07/03 10:21:09| Closing unlinkd pipe on FD 82
2013/07/03 10:21:09| storeDirWriteCleanLogs: Starting...
2013/07/03 10:21:09| Finished. Wrote 0 entries.
2013/07/03 10:21:09| Took 0.00 seconds ( 0.00 entries/sec).
CPU Usage: 1.256 seconds = 0.279 user + 0.977 sys
Maximum Resident Size: 14540 KB
Page faults with physical i/o: 0
Заранее благодарен всем кто откликнется.