At this point no, squid doesn't get user group information from the DC.
what you need to do is replace
acl loggedin proxy_auth REQUIRED
with
acl group1 proxy_auth domain\user domain\user domain\user
acl group2 proxy_auth domain\user domain\user domain\user
and something like
http_access deny special_sites group1
http_access allow normal_sites group1
http_access allow normal_sites group2
Rob
----- Original Message -----
From: "Jakob Curdes" <jc@info-systems.de>
To: <squid-users@ircache.net>
Sent: Friday, November 03, 2000 12:30 AM
Subject: [SQU] help with ntlm authentication needed
> I want to set up squid so that the user name is gathered from the nt
domain controller.
> I managed to get the ntlm authentication working. Now the second point is
that I want to
> restrict proxy access to certain users or a certain group. How can I
achieve this ?
> The problem is that as squid matches the first acl operator, after the
successful
> authentication with the nt domain controller how do I impose further
restrictions ?
> And if I place another acl operator containing a group or user restriction
before
> the proxy_auth term, I get the user/password dialog that I wanted to
avoid.
>
> Or am I on the wrong track ? Is there a solution which uses a group or
user scheme on
> the nt domain controller (as ms proxy does) ?
>
> Any hints welcome,
> Jakob Curdes
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
>
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Thu Nov 02 2000 - 06:06:58 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:13 MST