
squid3 + samba



Hello, colleagues.

Can anyone advise?
I have a working squid3 + winbind setup (from samba 3.0.24-2)

/etc/squid3/squid.conf

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm keep_alive on

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 30
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

external_acl_type NT_global_group protocol=2.5 ttl=30 children=20 %LOGIN /home/peter/bin/wbinfo_group.sh

wbinfo_group.sh is my own

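#!/bin/sh

# Squid sends one "<user> <group>" line per lookup; answer OK or ERR for each.
while read from_squid; do
        # First word is the login, the rest of the line is the group name.
        user=`echo $from_squid | awk '{print $1}'`
        group=`echo $from_squid | sed -e "s/^[^ ]*//" -e "s/^ //"`
        # Group name -> SID -> gid, then look for that gid among the user's groups.
        g_sid=`wbinfo -n "$group" | awk '{print $1}'`
        g_gid=`wbinfo -Y "$g_sid"`
        wbinfo -r "$user" | grep -qs "^$g_gid\$" 2>/dev/null && echo "OK" || echo "ERR"
done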

The Perl one that ships with Squid does not handle groups with a space in the name.

This is what ends up in /var/log/squid3/access.log

1171450639.179      1 cleaning-12.mcbfa.local TCP_DENIED/407 2546 GET http://moscowmap.ru/maps_pit.asp? - NONE/- text/html

i.e. with an empty user field
a normal entry looks like this

1171450630.475 45 sales-11.mcbfa.local TCP_MISS/200 563 GET http://favicon.yandex.net/favicon/www.hizone.info MCBFA\razinat DIRECT/213.180.204.36 image/png

This is what ends up in /var/log/squid3/cache.log

Could not get groups for user TlRMTVNTUAACAAAACgAKADAAAAAFgoGgWUu9cx9qnicAAAAAAAAAAGAAYAA6AAAATQBDAEIARgBBAAIACgBNAEMAQgBGAEEAAQAKAFAAUgBPAFgAWQAEABYAbQBjAGIAZgBhAC4AbABvAGMAYQBsAAMAIgBwAHIAbwB4AHkALgBtAGMAYgBmAGEALgBsAG8AYwBhAGwAAAAAAA== Could not get groups for user TlRMTVNTUAACAAAACgAKADAAAAAFgoGg41Cam94Mf2UAAAAAAAAAAGAAYAA6AAAATQBDAEIARgBBAAIACgBNAEMAQgBGAEEAAQAKAFAAUgBPAFgAWQAEABYAbQBjAGIAZgBhAC4AbABvAGMAYQBsAAMAIgBwAHIAbwB4AHkALgBtAGMAYgBmAGEALgBsAG8AYwBhAGwAAAAAAA==

Which is essentially
00000000  4e 54 4c 4d 53 53 50 00  02 00 00 00 0a 00 0a 00  |NTLMSSP.........|
00000010  30 00 00 00 05 82 81 a0  7d 33 0c e8 66 67 b3 e7  |0.......}3..fg..|
00000020  00 00 00 00 00 00 00 00  60 00 60 00 3a 00 00 00  |........`.`.:...|
00000030  4d 00 43 00 42 00 46 00  41 00 02 00 0a 00 4d 00  |M.C.B.F.A.....M.|
00000040  43 00 42 00 46 00 41 00  01 00 0a 00 50 00 52 00  |C.B.F.A.....P.R.|
00000050  4f 00 58 00 59 00 04 00  16 00 6d 00 63 00 62 00  |O.X.Y.....m.c.b.|
00000060  66 00 61 00 2e 00 6c 00  6f 00 63 00 61 00 6c 00  |f.a...l.o.c.a.l.|
00000070  03 00 22 00 70 00 72 00  6f 00 78 00 79 00 2e 00  |..".p.r.o.x.y...|
00000080  6d 00 63 00 62 00 66 00  61 00 2e 00 6c 00 6f 00  |m.c.b.f.a...l.o.|
00000090  63 00 61 00 6c 00 00 00  00 00                    |c.a.l.....|
0000009a


What have I missed?

--
Peter Teslenko
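
Added example, not part of the original post: the hex dump above starts with the NTLMSSP signature and message type 2, so the value logged after "Could not get groups for user" is an NTLM challenge blob rather than an account name. This sketch decodes such a value and lists its target-info fields; the names parse_ntlm_blob, classify_login and AV_NAMES are hypothetical, and the sample input is the first blob from the cache.log line in the post.

```python
import base64
import struct

# AV pair ids in the TargetInfo block of an NTLM CHALLENGE (type 2) message.
AV_NAMES = {1: "nb_computer", 2: "nb_domain", 3: "dns_computer", 4: "dns_domain"}

# First blob from the "Could not get groups for user" line quoted in the post.
LOGGED_USER = (
    "TlRMTVNTUAACAAAACgAKADAAAAAFgoGgWUu9cx9qnicAAAAAAAAAAGAAYAA6AAAA"
    "TQBDAEIARgBBAAIACgBNAEMAQgBGAEEAAQAKAFAAUgBPAFgAWQAEABYAbQBjAGIA"
    "ZgBhAC4AbABvAGMAYQBsAAMAIgBwAHIAbwB4AHkALgBtAGMAYgBmAGEALgBsAG8A"
    "YwBhAGwAAAAAAA=="
)

def parse_ntlm_blob(value):
    """Return a dict describing a base64 NTLMSSP blob, or None if it is not one."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:                      # not base64 (e.g. DOMAIN\user)
        return None
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    info = {"type": struct.unpack_from("<I", raw, 8)[0]}
    if info["type"] != 2 or len(raw) < 48:  # only type 2 is decoded further
        return info
    name_len, _, name_off = struct.unpack_from("<HHI", raw, 12)
    info["flags"] = struct.unpack_from("<I", raw, 20)[0]
    info["target"] = raw[name_off:name_off + name_len].decode("utf-16-le", "replace")
    ti_len, _, ti_off = struct.unpack_from("<HHI", raw, 40)
    pos, end = ti_off, min(ti_off + ti_len, len(raw))
    while pos + 4 <= end:
        av_id, av_len = struct.unpack_from("<HH", raw, pos)
        pos += 4
        if av_id == 0 or pos + av_len > end:  # end-of-list marker or truncated pair
            break
        if av_id in AV_NAMES:
            info[AV_NAMES[av_id]] = raw[pos:pos + av_len].decode("utf-16-le", "replace")
        pos += av_len
    return info

def classify_login(value):
    """Say whether a logged login looks like an account name or an NTLM blob."""
    info = parse_ntlm_blob(value)
    return "username" if info is None else "ntlm-type-%d" % info["type"]

if __name__ == "__main__":
    print(classify_login(LOGGED_USER), parse_ntlm_blob(LOGGED_USER))
    print(classify_login("MCBFA\\razinat"))
```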


