RE: [squid-users] Groups using authentication via wb_auth

Henrik,

> > So, with that being said, I'm stuck. I had planned on creating
groups
> > in the domain, and going about it using wb_group for everything.
Too
> > many "dependencies"... (/me beats head on desk.)
>
> Well.. delegate to the helpdesk of updating the groups on the Squid
> server using vi and you quickly get them on a better mindset..

I work with a group that seems to believe the slow and cumbersome and
inefficient way is the ideal way. We won't mention how pithy I get when
I have to go through and do an inventory of these machines because we
haven't upgraded to something more secure than Win 98 workstations.

> but I would strongly recommend persuing the NT Domain manager that
> having the groups in the domain is the correct approach, both for
> technical and administrative reasons. Updating the groups on the Squid
> server directly is both error prone and cumbersome if you have many
> groups to maintain.

Not likely to happen, but I'm going to try again. He seems to think
that it's one more thing that could go wrong. But, if I let him do the
maintaining of the proxy, I could make him see the error of his ways.
Especially considering we have temps coming in and out all the time who
have various access needs. It's definitely nice to see though that I'm
not the only one who is thinking that way.

> In both cases the http_access rules should be the same.
>
>
> # Access permissions for group1
> acl group1 ... (proxy_auth or wbgroup depending on your setup)
> acl destinations_group1 dstdomain site1 site2 ...
> http_access allow group1 destinations_group1
>
> # Access permissiong for group2
> acl group2 ... (proxy_auth or wbgroup depending on your setup)
> acl destinations_group2 dstdomain site3 site4 ...
> http_access allow group2 destinations_group2
>
> [repeated for each user group]
>
> # Deny any other access
> http_access deny all

You just rule, Henrik. This certainly is much appreciated. I wasn't
completely sure how everything would work, as I haven't completely
finished going through the documentation I have seen for Squid, in
addition to the 21.3 million other things that I've got going wrong this
week as well.

Thanks again Henrik, it truly is much appreciated.

Regards,
Scott
Received on Fri Feb 28 2003 - 13:27:09 MST