Hi,
Thank for replying I tried to do the change but infortunally it's still not
working...
any other ideas?
Regards,
Joseph L. Casale wrote:
>
>>I have 3 users for my test:
>>
>>Admin (who is member of InternetAccess)
>>User1 (who is a domain account but not member of InternetAccess)
>>User2 (who is a local account of my pc-client)
>
> /snip
>
>>The problem appear with user1 who is supposed to don’t have an access to
>>internet, but after logon on windows he can go through.
>
> /snip
>
>>acl xptest src 10.100.30.0/255.255.255.0
>
> /snip
>
>>http_access allow xptest
>
>
> Who's xptest? You allowed that whole subnet through?
>
> I am not an expert, but I do it like this:
>
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp --require-membership-of=DOMAIN\\GROUP
> auth_param ntlm children 5
>
> acl ntlm proxy_auth REQUIRED
> acl our_networks src 192.168.0.0/24 192.168.2.0/24
>
> http_access allow ntlm our_networks
> http_access deny all
>
> HTH,
> jlc
>
>
>
-- View this message in context: http://www.nabble.com/Squid-3.0-and-Active-Directory-tp22180799p22199795.html Sent from the Squid - Users mailing list archive at Nabble.com.Received on Wed Feb 25 2009 - 10:06:25 MST
This archive was generated by hypermail 2.2.0 : Wed Feb 25 2009 - 12:00:01 MST