fre 2009-08-07 klockan 21:34 -0400 skrev michel_at_casa.co.cu:
> Using squid 2.6 on my work, I have a group of users who connect by
> dial-up access to a NAS and a server freeradius to authenticate each
> time they log my users are assigned a dynamic IP address, making it
> impossible to create permissions without authentication by IP address.
Ok.
> I want to create a script for when you get a request to the squid from
> the block of IP addresses, run a script that reads the username and IP
> address from the server freeradius radwho tool that shows users
> connected + ip address or mysql from which you can achieve the same
> process
The user= result interface of external acls is intended for exacly this
purpose.
What you need is a small script which reads IP addresses on stdin (one
at a time) and prints the following on stdout:
OK user=radiususername
if the user is authenticated via radius, or
ERR
if the user is not and should fall back on other authentication methods.
You can then plug this into Squid using external_acl_type, and bind an
acl to that using the external acl type. Remember to set ttl=nnn and
negative_ttl=nnn as suitable for your purpose.
Regards
Henrik
Received on Sun Aug 09 2009 - 21:04:50 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 11 2009 - 12:00:02 MDT