smb.conf
---------------->
[global]
workgroup = domen
server string = Proxy server
netbios name = proxy
security = ads
realm = domen.ru
password server = pdc.domen.ru
encrypt passwords = yes
winbind separator = +
winbind use default domain = yes
winbind uid = 10000-15000
winbind gid = 10000-15000
winbind enum users = yes
winbind enum groups = yes
hosts allow = 192.168.0 127.0.0.1
log file = /var/log/samba/log.%m
max log size = 50
------------------->nsswitch.conf
------------------------->
group: files winbind
hosts: files dns
networks: files
passwd: files winbind
shells: files
------------------------->
krb5.conf
----------------------->
[libdefaults]
default_realm = DOMEN.RU
clockskew = 300
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
[realms]
BELKAISET.ru = {
kdc = pdc.domen.ru
admin_server = pdc.domen.ru
}
OTHER.REALM = {
v4_instance_convert = {
kerberos = kerberos
computer = computer.some.other.domain
}
}
[domain_realm]
.domen.ru = DOMEN.ru
------------------------>
squid.conf
------------------->
.......
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
......
acl squidusers proxy_auth REQUIRED squidusers
http_access allow squidusers
-------------------->
На win2k3 создать группу squidusers. Внести в нее пользователей.