[squid-users] R: [squid-users] LDAP authentication from Riccardo Castellani on 2010-11-17 (squid-users)

From: Riccardo Castellani <r.castellani_at_usl6.toscana.it>
Date: Thu, 18 Nov 2010 07:52:21 +0100

NO, IP Address is not stored into AD for a signed-in user.
I keep 'acl src' into squid.conf for every IP which needs to go to Internet
and I allow it permission by 'http_access' directive; by this list I'm able
to know what computers can surfing.

-----Messaggio originale-----
Da: Chad Naugle [mailto:Chad.Naugle_at_travimp.com]
Inviato: Wednesday, November 17, 2010 7:53 PM
A: Riccardo Castellani; squid-users_at_squid-cache.org
Oggetto: Re: [squid-users] LDAP authentication

Is the IP Address even stored in Active Directory for a signed-in user?

---------------------------------------------
Chad E. Naugle
Tech Support II, x. 7981
Travel Impressions, Ltd.

>>> "Riccardo Castellani" <ric.castellani_at_alice.it> 11/17/2010 1:46 PM
>>>
I'm using Squid 2.7 Stable3 in my network where some clients are in
workgroup while others in MS domain.
I'm testing LDAP Authentication by Active Directory and It likes that
it
works!

I'd like allowing "web surfing" sequentially according to these rules:

rule 1: by only IP ADDRESS
rule 2: by Active Directory USER (user can navigate from any pc)
rule 3: by Active Directory USER (user can navigate from specific
pc)

Rule 1 is for computers whicg are in workgroup, so there are only local

users.
Rule 2 is for computers in MS domain where every user MUST use his pc
Rule 3 is for computers in MS domain where "special users" (e.g.
director)
who can navigate from any pc.

Can Squid permit this behaviour ?

Travel Impressions made the following annotations
-------------------------------------------------------------
"This message and any attachments are solely for the intended recipient
and may contain confidential or privileged information. If you are not
the intended recipient, any disclosure, copying, use, or distribution of
the information included in this message and any attachments is
prohibited. If you have received this communication in error, please
notify us by reply e-mail and immediately and permanently delete this
message and any attachments.
Thank you."
Received on Thu Nov 18 2010 - 06:52:10 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 18 2010 - 12:00:03 MST