On Monday 04 August 2003 05.20, Simon Bryan wrote:
> Yes it works from the command line OK with that syntax. Does Squid
> do that automatically? If not how do you configure the acl? I have
> the following at the moment:
>
> acl winauth external wb_group wwwusers
> acl banned external wb_group banned
> acl staff external wb_group Teachers
> acl students external wb_group Students
Looks fine, assuming the external_acl_type directive is correct and
these groups are in the domain Samba has joined to.
Squid sends whatever is defined as format in external_acl_type
followed with whatever data you place in the acl. In case of wb_group
this is %LOGIN from external_acl_type followed by one or more group
names from acl.
Note: If the groups is in a trusted domain then a fully qualified name
needs to be specified (domain\group). wb_group from 2.5.STABLE3 or
later supports fully qualified group names.
Another thing to note is delay_access is not too happy about external
acl types or other acl types which may require an external lookup of
any kind. But it should work pretty good (but still not perfect) if
you force the same acls to be evaluated in http_access.
You can force acls to be evaluated in http_access by using a construct
like this before where you allow the requests
acl none src 0.0.0.0/32
http_access deny acl_to_evaluate none
[repeat the http_access line for each acl to evaluate]
Regards
Henrik
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Mon Aug 04 2003 - 01:44:18 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:33 MST