Hi,
At 15.03 13/11/2006, Roland Schmid wrote:
>Hi,
>
>we are using the windows version of squid (squid-2.6.STABLE5-NT-bin)and we
>want to control the access to the internet over the Users who are members in
>Active Directory (Windows 2000 Domain Controller)
>
>This works with the squid_ldap_auth.exe module of squid.
>In the Howto of squid is given one example how to identificate the users of
>Windows ADS.
>Example:
>auth_param basic program c:/squid/sbin/squid_ldap_auth -P -R -b
>" DC=ads,DC=local" -D "CN=Squid,CN=Users,DC=ads,DC,local" -w secret -f"
>(&(objectClass=Person)(userPrincipalName=%s))"
>192.168.1.1:3268
>auth_param basic children 6
>auth_param basic realm Squid proxy-caching web server
>auth_param basic credentialsttl 2 hours
>
>My question is, do I have to add each user of ADS to squid.conf?
>How do I for example deny or allow access to internet of special users of
>ADS?
On Windows you can also use native Windows helpers for basic, NTLM
and Negotiate (SPNEGO/Kerberos) authentication. See mswin_*_auth.txt
files for documentation.
You can also use an external ACL Windows native helper for
authorization based on AD global groups. See mswin_check_lm_group.txt
files for details.
Regards
Guido
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Mon Nov 13 2006 - 14:22:57 MST
This archive was generated by hypermail pre-2.1.9 : Fri Dec 01 2006 - 12:00:03 MST