Re: [squid-users] Using a proxy_auth acl to match active directory usernames

From: Adam Aube <aaube@dont-contact.us>
Date: Tue, 25 Nov 2003 21:55:09 -0500

On Tuesday 25 November 2003 09:13 pm, Ken Thomson wrote:
> I have a Squid v2.5 Stable 3 system which uses NTLM authentication to
> authenticate users to an active directory domain. This works fine.
> Only valid domain users can use the proxy.
>
> I also use delay pools to throttle bandwidth - this also works fine.
>
> What I want to do is add new delay pools which will be applied based on
> a proxy_auth acl. I have tried setting this up - but no matter what
> variations I try the acl doesn't seem to be matching up with the users
> selected.

I would recommend you upgrade to 2.5 STABLE4 - there were many bugfixes
involving using NTLM auth in delay_access directives.

Have you considered using an external_acl helper to match against AD groups?
Not only would it make matching easier, it would allow you to move users into
and out of delay pools without having to use squid -k reconfigure.

Adam
Received on Tue Nov 25 2003 - 19:55:12 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:36 MST