Re: [squid-users] NT User Groups from Serassio Guido on 2004-11-10 (squid-users)

From: Serassio Guido <guido.serassio@dont-contact.us>
Date: Wed, 10 Nov 2004 18:07:11 +0100

Hi,

At 04.18 10/11/2004, Robert Trouchet wrote:

>I have spent time searching archives etc but I still do not understand how
>to implement the use of NT groups.
>
>I am using Windows 2000. The Windows version of Squid runs on the server. I
>do not run any Linux (or understand Linux). The Windows version is a binary
>file downloaded from the Squid website rather than the compile it yourself
>version .
>
>I think that the (Win32_check_group text file) may be of some help but I am
>not sure. Is it automatically part of Squid or something separate.
>
>What I am hoping is that someone who understands Squid can give me the
>additions to my squid.conf file to allow me to do the following. (or simple
>directions to what else needs to be done.)
>
>* I have a Domain wide group called NoInternet.
>
>* I want to restrict members of that group from accessing the Internet via
>squid.
>
>* They can log on to any machine so limiting by IP address is not an option
>
>* I do not want them to be asked for a password.
>
> Regards
>
>Bob Trouchet

Merging the info from win32_ntlm_auth.txt, nt_auth.txt and
win32_check_group.txt:

auth_param ntlm program c:/squid/libexec/win32_ntlm_auth.exe
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate on
auth_param basic program c:/squid/libexec/nt_auth.exe
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

external_acl_type NT_global_group %LOGIN
c:/squid/libexec/win32_check_group.exe -G

acl GProxyUsers external NT_global_group GProxyUsers
acl password proxy_auth REQUIRED

http_access allow password GProxyUsers
http_access deny all

In the previous example all validated NT users member of GProxyUsers Global
domain group are allowed to use the cache (Squid 2.5 STABLE7 is needed).

For details on any squid.conf options, see Squid FAQ.
http://www.squid-cache.org/Doc/FAQ/FAQ.html

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426 Fax. : +39.011.3293665
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Wed Nov 10 2004 - 10:07:45 MST

This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST