Hi Kevin,
The most helpful thing that I can do, is suggest that you google
"external_acl_type nt_group %LOGIN /usr/lib/squid/wbinfo_group.pl"
Below is an example of how I implemented it. Hope this helps.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Domain Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
Then an external acl that I believe is the key to getting it talking
to the domain.
external_acl_type nt_group %LOGIN /usr/lib/squid/wbinfo_group.pl
Then my ACLs
# Time Ranges
# Before work
acl before_work time M T W H F 00:00-09:00
# Monday to Friday 11am - 1pm
acl morning time M T W H F 11:00-13:00
# Monday - Friday 16:00-23:59
acl afternoon_evening time M T W H F 16:00-23:59
# All weekend
acl weekend time A S 00:01-23:59
acl inet_no_restriction external nt_group Internet_Access_No_Restriction
acl inet_time_restriction external nt_group Internet_Access_Time_Restricted
The my http access lines
# Allow No Restriction Domain Group
http_access allow auth inet_no_restriction
# Allow time restricted group
http_access allow auth inet_time_restriction before_work
http_access allow auth inet_time_restriction morning
http_access allow auth inet_time_restriction afternoon_evening
http_access allow auth inet_time_restriction weekend
http_access deny inet_time_restriction
http_access deny all
2008/9/29 Kevin Kimani <kevinkimani_at_gmail.com>:
> Hallo guys
> Have a small problem. I have set up a squid proxy to authenticate
> against active directory and it has worked on a single group in the
> active directory. Now i need to authenicate two different groups who
> have different permissions on the AD. This is what i did to
> authenticate the single group :
> "auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> --require-membership-of="BIMSOFT+internet"
> auth_param ntlm children 5
> auth_param basic program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> --require-membership-of="BIMSOFT+internet"
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hour
> auth_param basic casesensitive off"
>
> So does anyone have ana idea on how to authenticate both the 'internet
> group' and 'interenet_users group' to access the interent and ensure
> that the 'internet group' has access to http,https and ftp while the
> 'internet_users group' have only access to http.
>
> Regards
>
> kevin
>
Received on Tue Sep 30 2008 - 08:36:10 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 30 2008 - 12:00:04 MDT