Hi,
I would make the following authentication scheme with squid, if possible :)
My scenario: Windows 2000 Server (that acts as AD domain controller) + SquidNT 2.5.STABLE9 installed on it; domain clients are w98, w2k, wxp with IE 6 SP1. There's a group in AD called "internet", and the members of this group have rights to surf the web.
If a user is member of "internet" group, he logs in the domain and can browse the net -this is very simple to do with win32_check_group.exe helper and appropriate acl, I made it and works fine. If an user, member of domain users and not included in "internet" group logs into domain, naturally he can't surf (he isn't member of "internet" group); I would, in this case, that a login mask is presented by the browser, because can happen that someone have the right username/password (=is member of "internet" group) and permit the surf to this limited user, without have to log-off and log-in the domain again with different credentials. Essentially squid have to do a new membership check for new account nested in the first -that grants the domain membership but not the faculty to surf the web.
ISA server have this kind of behavior, and if could re-create with squit it would be pretty nice.
Bye, eupec
---------------------------------------------------------------
Scegli il tuo dominio preferito e attiva la tua email! Da oggi
l'eMail di superEva e' ancora piu' veloce e ricca di funzioni!
http://webmail.supereva.it/new/
---------------------------------------------------------------
Received on Mon Mar 28 2005 - 15:36:13 MST
This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:03 MST