Re: [squid-users] NTLM with multiple group support (one solution)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 27 Apr 2002 14:11:37 +0200

You might be interested in the external_acl patch.
http://devel.squid-cache.org/external_acl/

Regards
Henrik

Rönnblom Janåke /Teknous wrote:

> I have a squid-2.5dev6 where I want the users to authenticate
> in the background so I chose to use NTLM. However I also
> need the possibility to allow/disallow the users based on
> what group they are a member of. I have multiple groups in
> my AD that are called "XX internetaccess". If the user is
> a member of any of these "internetaccess" groups they are
> allowed access to the squid.
>
> What I have done is write a perl script which uses LDAP
> to communicate with the AD. The script retrieves all user
> names from the groups in the AD and then writes it to a textfile.
> Squid uses fakeauth and checks the username in the textfile. See
> below for my rules.
>
> The script runs every hour from crontab and updates the textfile.
>
> You need one user-account that the script can use to connect as.
>
> I am no expert in either perl or LDAP so this script is ugly and I
> would be glad to accept any changes or suggestion about how
> to improve it.
>
> Perhaps it's possible to solve this in any other way and I would appreciate
> any tip.
>
> The script has not had any extensive testing yet so if it breaks you get
> to keep both pieces.
>
> The rules for squid.conf
>
> ----------------
>
> auth_param ntlm program /usr/lib/squid/fakeauth_auth
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
>
> # allow access to *.skelleftea.se and .*skelleftea.org
> acl skelleftea dstdomain .skelleftea.se .skelleftea.org
> # hmm, does this work?
> acl internetaccess proxy_auth "/etc/squid/iagrupp.txt"
>
> http_access allow skelleftea
> http_access allow internetaccess
> http_access deny all
>
> ----------------
>
> If anyone is interested in using this I could probably clean it up a bit.
>
> =====================================================
> Janåke Rönnblom
> SKERIA Utveckling AB (Teknous)
> Assistentgatan 23
> 931 77 Skelleftea (Sweden)
> -----------------------------------------------------
> Phone : +46-910-585424
> Mobile : 070-3970743
> Fax : +46-910-585499
> URL : http://skeria.skelleftea.se
> -----------------------------------------------------
> perlpoet at work:die if !($ToBe);
>
> ------------------------------------------------------------------------
> Name: makeaccess-for-squid.zip
> makeaccess-for-squid.zip Type: Zip Compressed Data (application/x-zip-compressed)
> Encoding: base64
Received on Sat Apr 27 2002 - 06:35:45 MDT
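
An added example, not the attached script and not Squid project code: the step that turns LDAP search output into the username file read by the `proxy_auth` ACL quoted above, written so that a failed or empty query never replaces a good file. It assumes the group members were already fetched as LDIF with a `sAMAccountName` attribute; the function names and the sample entries are constructed for illustration.

```python
import base64
import os
import tempfile

# Constructed sample: LDIF for members of two groups (one user is in both).
_B64 = base64.b64encode("jörgen".encode("utf-8")).decode("ascii")
SAMPLE_LDIF = (
    "dn: CN=Anna Berg,OU=Users,DC=example,DC=test\n"
    "sAMAccountName: aberg\n\n"
    "dn: CN=Jorgen Ek,OU=Users,DC=example,DC=test\n"
    "sAMAccountName:: " + _B64 + "\n\n"
    "dn: CN=Anna Berg,OU=Users,DC=example,DC=test\n"
    "sAMAccountName: aberg\n"
)

def usernames_from_ldif(ldif, attr="sAMAccountName"):
    """Return the sorted, de-duplicated values of attr found in LDIF text."""
    users = set()
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if value.startswith(":"):
            # "attr:: <base64>" form; a decode error propagates (fail closed).
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        # Drop values with control characters: an embedded newline would
        # add an extra "username" line to the ACL file.
        if value and value.isprintable():
            users.add(value)
    return sorted(users)

def write_acl_file(path, users, min_users=1):
    """Atomically replace path; keep the old file if the list looks wrong."""
    if len(users) < min_users:
        raise ValueError("refusing to write: only %d users" % len(users))
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            f.write("\n".join(users) + "\n")
        os.chmod(tmp, 0o644)   # readable by the Squid user; names only
        os.replace(tmp, path)  # readers see the old or the new file, never half
    except BaseException:
        os.unlink(tmp)
        raise
```

Squid reads a quoted ACL file when it loads its configuration, so the cron job also has to run `squid -k reconfigure` after a successful write for the new list to take effect.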
