apt-get install squid smbclient krb5-config krb5-user telnet ntpd tcpdump strace wget openssh-client

[global]
workgroup=DOMAINE
realm = DOMAINE.LOCAL
netbios name=PROXY
security = ADS
log file = /var/log/samba/%m.log
max log size = 50
password server = dc01.domain.local, dc02.domain.local
encrypt passwords = yes
domain master = no
domain logons = no
dns proxy = no
os level = 17
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind use default domain = yes
;winbind separator = /
winbind enum users = yes
winbind enum groups = yes
printcap name = /dev/null
load printers = no
printing = bsd

[libdefaults]
default_realm = DOMAIN.LOCAL
clock_skew = 300
ticket_lifetime = 24000
forwardable = yes
default_tgs_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
preferred_enctypes = DES-CBC-CRC DES-CBC-MD5 RC4-HMAC
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
DOMAIN.LOCAL = {
master_kdc = dc01.domain.local
kdc = dc02.domain.local
admin_server = dc01.domain.local
default_domain = DOMAIN.LOCAL
}
[domain_realm]
.domain.local = DOMAIN.LOCAL
domain.local = DOMAIN.LOCAL
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
  debug = true
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
}

http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_dir ufs /opt/squid-spool 5000 16 256
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Proxy
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl NTLM proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow NTLM
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname proxy.domain.local
append_domain .domain.local
forwarded_for off
error_directory /usr/share/squid/errors/French
coredump_dir /opt/squid-spool

chown root:proxy /var/run/samba/winbindd_privileged

net ads join -U Administrateur

wbinfo -u
wbinfo -g