[squid-users] FTP, control on who can and who can't, with external group authentication

From: <Arno_STREULI@dont-contact.us>
Date: Wed, 22 Jan 2003 08:52:22 +0100

Hi all,
I'm using Squid 2.5 STABLE1 on Solaris 8 with NTLM authentication (including
external group authentication), and all of it works fine.

But I need to put some restrictions on who can and who can't do FTP (including
with size), so here is what I did:
(squid.conf)

acl ftp proto FTP
acl auth proxy_auth REQUIRED
# users allowed to use FTP
acl techuser external NT_global_group SurfeursWebCH-T
# users allowed to access the internet for browsing
acl webuser external NT_global_group SurfeursWebCH SurfeursWebCH-T
http_access allow ftp techuser
http_access allow auth webuser
http_access deny all

(These two parameters don't work, but if I remember right it's resolved in the
current CVS version of Squid, due to a need for a second authentication; not too
big a deal for now.)
# unlimited GET for techuser
reply_body_max_size 0 allow techuser
# limited GET for all users
reply_body_max_size 2000000 allow all

But a user can do FTP; here is what I get in my log file:
1043166154.341 111241 10.137.170.31 TCP_MISS/200 11676396 GET ftp://sunsite.cnlab-switch.ch/mirror/opera/win/605/ja/java/ow32jaja605j.exe d-ch-bi1\bi247 DIRECT/195.176.255.9 application/octet-stream ...

and this user is not a member of the techuser group.

Can you help?

Regards,

Arno

Received on Wed Jan 22 2003 - 00:52:40 MST
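
Added example, not part of the original post and not Squid's own code: a simplified Python model of first-match http_access evaluation, run over the three http_access lines from the message, showing which rule admits the logged FTP request. The Request and evaluate names, the assumption that the logged user belongs only to SurfeursWebCH, and the extra "deny ftp !techuser" line are illustrative assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    proto: str         # "FTP" or "HTTP"
    user: str          # authenticated login, "" if none
    groups: frozenset  # NT global groups (constructed sample data)

# Predicates standing in for the ACLs defined in the posted squid.conf.
ACLS = {
    "ftp": lambda r: r.proto == "FTP",
    "auth": lambda r: bool(r.user),
    "techuser": lambda r: "SurfeursWebCH-T" in r.groups,
    "webuser": lambda r: bool(r.groups & {"SurfeursWebCH", "SurfeursWebCH-T"}),
    "all": lambda r: True,
}

POSTED = """
http_access allow ftp techuser
http_access allow auth webuser
http_access deny all
"""
# Assumed fix: refuse FTP for non-techusers before the general allow rule.
REORDERED = "http_access deny ftp !techuser\n" + POSTED

def parse(conf):
    rules = []
    for line in conf.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return rules

def matches(acl, req):
    hit = ACLS[acl.lstrip("!")](req)
    return not hit if acl.startswith("!") else hit

def evaluate(conf, req):
    """First rule whose ACLs ALL match decides; later rules are never read."""
    for action, acls in parse(conf):
        if all(matches(a, req) for a in acls):
            return action, " ".join(acls)
    return "deny", "(no rule matched)"  # simplification; not reached here

# Constructed requests: the logged user is assumed to be in SurfeursWebCH only.
web_ftp = Request("FTP", r"d-ch-bi1\bi247", frozenset({"SurfeursWebCH"}))
tech_ftp = Request("FTP", r"example\tech1", frozenset({"SurfeursWebCH-T"}))
if __name__ == "__main__":
    print([evaluate(c, web_ftp) for c in (POSTED, REORDERED)])
```

With the posted rules, the FTP request from a non-techuser falls through the first line and is admitted by "allow auth webuser", because that rule does not test the protocol.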
