RE: [squid-users] squid acl dhcp

From: Nick Duda <nduda@dont-contact.us>
Date: Tue, 14 Mar 2006 08:21:32 -0500

We use NTLM Authentication here. The rules that you configure in
squid.conf for the most part will only allow or deny access to
authenticated users. In other words either everyone is allowed or
everyone is denied.

With squidGuard you can build an acl based on the option "userlist".
Userlist points to a local file with a username on each line. You can
then allow/deny based on that list. What I do, using the Samba "net
ads/rpc" tools, is run a query against the domain controller for certain
criteria and build a local list of items.

For example, say I want everyone in the company to be denied access to a
certain website, except members of the HR department. I would run a
query against the domain controller for all members in the HR group and
build a local file with these names. I then schedule that as a cronjob
to run every so often to keep this list up to date. Now I can create a
rule that allows only people from HR (located in the local HREmployee
file) access to this website.

There are other cool things you can do with the net ads/rpc stuff. My
squidGuard redirector URLs go to a local PHP script. This script runs
the (exec) command and gives me back results. I've been able to have
squidGuard email offenders dynamically when they hit websites they
shouldn't have.

- Nick

-----Original Message-----
From: pwasenda@ura.go.ug [mailto:pwasenda@ura.go.ug]
Sent: Tuesday, March 14, 2006 7:24 AM
To: Nick Duda
Subject: RE: [squid-users] squid acl dhcp

Thanks for your timely answer; however, I don't seem to understand this
part of your message. Could you kindly elaborate?

"using net ads ldap searching) you can build custom files of users for
processing policies"

Quoting Nick Duda <nduda@VistaPrint.com>:

>
> If you're on a domain (AD/NT) look at NTLM authentication. That in
> combination with squidGuard (using net ads ldap searching) you can
> build custom files of users for processing policies.
>
> - Nick
>
> -----Original Message-----
> From: pwasenda@ura.go.ug [mailto:pwasenda@ura.go.ug]
> Sent: Tuesday, March 14, 2006 7:15 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] squid acl dhcp
>
>
> I have a LAN with DHCP, and sometimes the IP addresses change; worse
> still, I have many subnets.
> How should I structure my ACLs to involve as little administration as
> possible?
>
> Only a privileged few should access the Internet.
>
> --
> Peter Collins Wasenda
> Network Administrator
> IT Division, Corporate Services
> Uganda Revenue Authority
> P.O. Box 7279, Kampala
>
> Tel: (041)334474,334535
> Mob: 0752-996477
>
> ---------------------------------------------------------------
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> ---------------------
> Confidentiality note
> The information in this email and any attachment may contain
> confidential and proprietary information of VistaPrint and/or its
> affiliates and may be privileged or otherwise protected from
> disclosure. If you are not the intended recipient, you are hereby
> notified that any review, reliance or distribution by others or
> forwarding without express permission is strictly prohibited and may
> cause liability. In case you have received this message due to an
> error in transmission, please notify the sender immediately and to
> delete this email and any attachment from your system.
> ---------------------
>

--
 Peter Collins Wasenda
 Network Administrator
 IT Division, Corporate Services
 Uganda Revenue Authority
 P.O. Box 7279, Kampala

 Tel: (041)334474,334535
 Mob: 0752-996477
 Mail: pwasenda@ura.go.ug

Received on Tue Mar 14 2006 - 06:21:29 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST
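
The cron job described in the reply above (query the HR group, rebuild the local userlist file), sketched as an added example that is not part of the original thread or the poster's own script. The group name, list path and the bare-lowercase username format are assumptions, and the credentials the net query needs are site-specific and left out.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names: AD group "HR",
# list path below. Credentials for the net query are site-specific and omitted.
GROUP="HR"
LIST="${LIST:-/var/lib/squidguard/db/HREmployee}"

# stdin: `net rpc group members` style output, one DOMAIN\user per line.
# stdout: unique bare lowercase usernames. Assumption: the proxy sees users
# without the DOMAIN\ prefix. Lines with unexpected characters, including
# machine accounts ending in "$", are dropped rather than written to the list.
normalize_members() {
    tr -d '\r' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/^.*\\//' |
    tr '[:upper:]' '[:lower:]' |
    grep -E '^[a-z0-9._-]+$' |
    sort -u
}

# usage: ... | update_list <target-file>
# Builds the new list in a temp file beside the target and renames it into
# place, so a reader never sees a half-written file. An empty result (for
# example the domain controller was unreachable) leaves the old list untouched.
update_list() {
    target=$1
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    normalize_members > "$tmp"
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "refusing to install empty list at $target" >&2
        return 1
    fi
    chmod 644 "$tmp"
    mv -f "$tmp" "$target"
}

# Cron entry point: run the script with --run. The query's exit status is
# checked before its output is trusted.
if [ "${1:-}" = "--run" ]; then
    members=$(net rpc group members "$GROUP") || exit 1
    printf '%s\n' "$members" | update_list "$LIST"
fi
```

squidGuard reads the list when it starts, so the cron job also needs to have Squid restart its redirectors (for example with squid -k reconfigure) after a successful update.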