Re: [squid-users] acl proxy_auth problem

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 03 Dec 2009 10:36:10 +1300

On Wed, 2 Dec 2009 15:15:15 +0100, Georg Roelli <roellig_at_hotmail.com>
wrote:
> Hello
>
> My environment: Ubuntu 8.04 LTS, Squid 2.6.18, Samba 3.0.28a
>
> I am looking to find a way to check with an acl if a user is member of a
> specific ad-group. On my Squid Proxy Server, I have successfully set up
an
> SSO authentication with the active directory.
> This works fine. Among other things:
>
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> --require-membership-of="Domäne\\AD-GroupeA"
>
> Now I start with the definition of the acl's. At first I would like to
> make a badUrls list which is valid for all users to block some sites.
This
> list should not be applied to a group of personal computers (host)
and/or a
> specific AD group.
> Here is my approach:
>
> acl auth proxy_auth REQUIRED
> acl badurls url_regex "/data/squid/badurls.txt"
> acl AllowedClients srcdom_regex -i "/data/squid/allowed_clients.txt"
> acl AllowedGroups proxy_auth -i Domäne/AD-GroupeB
>
> http_access allow auth AllowedClients
> http_access allow auth AllowedGroups
> http_access deny badurls
> http_access allow auth
> http_access deny all
>
> The acl with the badurls list and the acl for the AllowedClients are
> working fine. But with the acl acl AllowedGroups proxy_auth -i
> Domäne/AD-GruppeB I have great problems. I don't know how I can make an
acl
> who check the membership from an AD-Groupe.
> I tested many different types of spelling. Unfortunately without
success.
> How can I make an acl using ntlm_auth authentication? Is there a better
and
> easier way to do this?
>
> Thank you for your suggestions.
>
> Kind regards.
>

http://wiki.squid-cache.org/ConfigExamples/Authenticate/NtlmWithGroups

Amos
Received on Wed Dec 02 2009 - 21:36:14 MST

This archive was generated by hypermail 2.2.0 : Thu Dec 03 2009 - 12:00:01 MST