RE: [squid-users] Allowing linked sites - NTLM and un-authenticated users

From: JC Putter <jcputter_at_numata.co.za>
Date: Wed, 04 Apr 2012 12:07:29 +0200 (SAST)

Jasper,

Sorry to jump in here as the email was addressed to Amos,

We run a configuration very similar to what you want: we use NTLM auth
with Squid and DansGuardian.

Client > dansguardian > Squid > internet

DansGuardian has the capability to filter traffic based on the username;
there is also a Perl script available which can pull the usernames from
your AD group into a specified filter group.

So we have different filter groups for different users.

Hope it helps.

-----Original Message-----
From: Jasper Van Der Westhuizen [mailto:javanderwesthuizen_at_shoprite.co.za]

Sent: 04 April 2012 11:13 AM
To: squid-users_at_squid-cache.org
Subject: RE: [squid-users] Allowing linked sites - NTLM and
un-authenticated users

> This allows my un-authenticated users access to the whitelisted domains
> and blocks any links in the sites that are not whitelisted (like facebook
> and youtube). It also allows my authenticated users access to all sites,
> including whitelisted sites, as well as allowing linked sites like
> facebook etc.
>
> Do you perhaps see any issue with this setup?

> The only problem I foresee is that srcdomain is the client's IP rDNS
> record. You have to encode into that what group they are in, so it's
> restricted to clients you have control over rDNS for. In which case you
> may as well make them static and use src IP checks.

> Amos

Hi Amos

I want to change my setup to do authentication for everyone, and based on
whether the user is in a specific group or not, allow them access to
certain ACLs.

I have a group in AD that should have full access. All users should
authenticate. If the user is not in my Internet group then he gets to
access a list of sites. If the user is in the Internet group he gets a
different ACL to access everything.

Is this possible with NTLM? I don't think it is. How would I approach
this?
Received on Wed Apr 04 2012 - 10:07:58 MDT
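
The group-to-filter mapping described in the reply above can be sketched as follows. This is an added example, not the Perl script mentioned in the message and not code from either project. It assumes DansGuardian's `filtergroupslist` format of `user=filterN` with unlisted users falling into filter1, and that usernames are matched as bare lower-case account names; the group names, members and filter numbers are constructed.

```python
import re

# Constructed sample: AD group -> members, in the mixed forms an export may contain.
AD_GROUPS = {
    "Internet": ["SHOP\\alice", "Bob", "carol@shop.example"],
    "Restricted": ["bob", "dave", "eve=filter2", "mallory smith"],
}
# Assumed mapping: filter1 = whitelist only (the default), filter2 = full access.
GROUP_TO_FILTER = {"Internet": 2, "Restricted": 1}

# Only characters that cannot alter the "user=filterN" line format are accepted.
VALID_USER = re.compile(r"[a-z0-9._-]+")


def normalise(name):
    """Reduce DOMAIN\\user or user@domain to a bare lower-case account name."""
    name = name.strip()
    if "\\" in name:
        name = name.split("\\", 1)[1]
    if "@" in name:
        name = name.split("@", 1)[0]
    return name.lower()


def build_filtergroups(groups, group_to_filter, default_filter=1):
    """Return (lines, rejected) for a filtergroupslist file.

    A user in several groups gets the lowest filter number, assumed here to be
    the most restrictive one. Users left in the default filter are omitted, so
    an account missing from the file still lands in the restricted group.
    """
    assigned, rejected = {}, []
    for group, members in groups.items():
        filt = group_to_filter[group]
        for raw in members:
            user = normalise(raw)
            if not VALID_USER.fullmatch(user):
                rejected.append(raw)  # never written to the file
                continue
            assigned[user] = min(filt, assigned.get(user, filt))
    lines = [f"{u}=filter{f}" for u, f in sorted(assigned.items())
             if f != default_filter]
    return lines, rejected


if __name__ == "__main__":
    lines, rejected = build_filtergroups(AD_GROUPS, GROUP_TO_FILTER)
    print("\n".join(lines))
    print("rejected:", rejected)
```

Rejected names are worth logging: an entry such as `eve=filter2` would otherwise be written as a line that assigns a group on its own.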
