Re: [squid-users] ACL based on User Groups from Valdir Henrique Dias Leite on 2004-04-24 (squid-users)

From: Valdir Henrique Dias Leite <valdirh@dont-contact.us>
Date: Sat, 24 Apr 2004 15:12:37 -0300

Hello Henrik,

Thank you for your answer!

I saw wb_group.pl script, which checks, via winbind calls, if a user is or
not inside a given group.

What I need is to have, 3 ACLs, for example, and divide all my users among
these groups, like:

- ACL 1: All internet access is forbidden, in any day, any time. That will
be applied to all users inside NO_INTERNET_ACESS group
- ACL 2: All internet access is allowed, during work time. Will be applied
to all users inside INTERNET_DURING_WORK_TIME group
- ACL 3: Internet access is allowed for some specified websites (partners,
telephonic companies, banking, etc). Will be applied to users inside
ONLY_WEBSITES_SPECIFIED

So, I need to not only to authenticate the user (working fine with winbind),
but also to get the groups the current user is part. And, with this list of
groups, apply on of the three ACL above. Here is my problem. After
authenticating, how to perform the authorization based on which group the
user is in.

I was thinking in pass to squidGuard the name of the group (meaning as a
"login" ou "username") and create the acls with this information (group
name) as user names.

Do you have some pices of squid.conf, smb.conf or even some website
directions that could help me ?

Thanks in advace,

Valdir.

----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "Valdir Henrique Dias Leite" <valdirh@uol.com.br>
Cc: <squid-users@squid-cache.org>
Sent: Wednesday, April 21, 2004 9:19 PM
Subject: Re: [squid-users] ACL based on User Groups

> On Wed, 21 Apr 2004, Valdir Henrique Dias Leite wrote:
>
> > I need to create acls based on windows nt groups for each
> > authenticated user.
>
> Ok. This is most easily done via Samba winbind.
>
> > I was wondering in read all groups on which the user is and
> > use that information to check my ACLs on squidGuard (or even inside
squid).
>
> You can not do this from squidGuard. You need to use Squid acls.
>
> Requires Squid-2.5. Samba-3 recommended.
>
> Regards
> Henrik
>

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.668 / Virus Database: 430 - Release Date: 24/4/2004

Received on Sat Apr 24 2004 - 12:13:27 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:02 MDT