RE: [squid-users] ntlm authentification and groups

From: Scott Wrosch <swrosch@dont-contact.us>
Date: Tue, 3 Jun 2003 12:16:15 -0400

I do that on my Squid setup. Here are some pertinent cutouts from my
squid.conf (I use wb_ntlmauth, btw):

acl IM dstdomain .oscar.aol.com .msg.yahoo.com
acl CallCenter proxy_auth "/usr/local/squid/etc/CallCenter"
acl Restricted dstdomain .dealerconnection.com .marketingassociates.com .fordfinancial.com .fmcdealer.com .fordcollegegrad.com
acl Noelle proxy_auth "/usr/local/squid/etc/Noelle"
acl NoelleRestricted dstdomain .google.com .thedirectory.org .mmiworld.com .switchboard.com .usps.com
acl InternetDesks proxy_auth "/usr/local/squid/etc/InternetDesks"

http_access deny CallCenter IM
http_access allow manager localhost
http_access allow CallCenter Restricted
http_access allow Noelle NoelleRestricted
http_access allow InternetDesks
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all

The ACL IM is used for restricting the CallCenter group from using IM
programs. Not perfect, but no one there is smart enough to foil it.

The ACL CallCenter is the listing of the CallCenter user accounts.

The Restricted ACL specifies the domains that the CallCenter people are
allowed to access. Noelle is a special extension of the Restricted ACL.

And finally, InternetDesks are the users who are allowed access.
Everything else is denied.

It's not perfect, but it should give you some idea.

-----Original Message-----
From: glen hyland [mailto:borknager@yahoo.com]
Sent: Tuesday, June 03, 2003 12:08 PM
To: squid-users@squid-cache.org
Subject: [squid-users] ntlm authentification and groups

Is there a way to make a group that is allowed
internet access and everyone else is disallowed?

I would like to create a group on our client NT/2000
servers, just for internet access, but block all who
are not in that group.

I have squid and NT authentication working right
now, but it doesn't block anyone who is a domain user.

Are there scripts or is it just a simple ACL entry?

I checked the FAQ and also the mailing list; I didn't
find anything.

Thanks,
Glen

Received on Tue Jun 03 2003 - 10:19:47 MDT
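
The http_access list in the reply above is evaluated top to bottom: ACLs on one line are ANDed and the first matching line decides. The sketch below is an added example, not part of the original post and not Squid code; it models that evaluation for the posted rules. The user names, the port sets and the omission of the manager rules are assumptions, and the user is taken to be already authenticated.

```python
# Added example: minimal model of Squid http_access evaluation (first match wins).
USERS = {  # constructed stand-ins for the proxy_auth user-list files
    "CallCenter": {"cc_agent"},
    "Noelle": {"noelle"},
    "InternetDesks": {"desk1"},
}
DOMAINS = {  # dstdomain values copied from the posted squid.conf
    "IM": [".oscar.aol.com", ".msg.yahoo.com"],
    "Restricted": [".dealerconnection.com", ".marketingassociates.com",
                   ".fordfinancial.com", ".fmcdealer.com", ".fordcollegegrad.com"],
    "NoelleRestricted": [".google.com", ".thedirectory.org", ".mmiworld.com",
                         ".switchboard.com", ".usps.com"],
}
SAFE_PORTS = {21, 80, 443}  # assumption: subset of a typical Safe_ports ACL
SSL_PORTS = {443, 563}      # assumption: typical SSL_ports ACL

def acl_matches(name, req):
    """Return True if the named ACL matches the request."""
    if name == "all":
        return True
    if name in USERS:
        return req["user"] in USERS[name]
    if name in DOMAINS:
        # A leading dot matches the domain itself and any subdomain.
        host = req["host"].lower()
        return any(host == d[1:] or host.endswith(d) for d in DOMAINS[name])
    if name == "Safe_ports":
        return req["port"] in SAFE_PORTS
    if name == "SSL_ports":
        return req["port"] in SSL_PORTS
    if name == "CONNECT":
        return req["method"] == "CONNECT"
    raise KeyError(name)

RULES = [  # same order as the posted http_access lines, manager rules omitted
    ("deny", ["CallCenter", "IM"]),
    ("allow", ["CallCenter", "Restricted"]),
    ("allow", ["Noelle", "NoelleRestricted"]),
    ("allow", ["InternetDesks"]),
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("deny", ["all"]),
]

def decide(user, host, port=80, method="GET"):
    """Walk the rules in order; every ACL on a line must match (AND)."""
    req = {"user": user, "host": host, "port": port, "method": method}
    for action, acls in RULES:
        if all(acl_matches(a.lstrip("!"), req) != a.startswith("!") for a in acls):
            return action
    return "deny"
```

In this model decide("desk1", "example.org", 25, "CONNECT") returns "allow", because the InternetDesks allow line matches before the Safe_ports and SSL_ports deny lines are reached. Moving the two port rules above the allow lines would apply them to every group.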