I setup an AD Auth'd squid Fedora 14 server a while back which worked fine with NTLM and Basic auth for the client and then used Winbind (Wbinfo_group.pl) for the Security group member checks.
So i had a Squid server that allowed AD users access to certain websites depending on which AD Security group they where a member of.
This was all fine until we changed the company over to Win7/Office2010 and tried to activate...
I now have a new Squid server on F14 but with Negotiate, NTLM and Basic with Squid_LDAP_group to check for Group membership. All works great with activating and general internet access.
All apart from a system AD account that we use for updating gets denied every time. I have found that it is because this user is ONLY part of the SquidFullAccess security group that gives that user full internet access. I have found that this is not really the issue because i added the account back into the Domain Users group and it still didn't work. The problem is that the Users Primary Security Group was NOT Domain users.
It seems that Squid_LDAP_Group ignores any AD object as a user if that object does not have Domain Users as the Primary Group.
Any help/direction/guidance is appreciated.