Re: [squid-users] proxyauth for certain active directory users

From: Chris Robertson <crobertson_at_gci.net>
Date: Tue, 28 Jul 2009 09:45:33 -0800

Gontzal wrote:
> 2009/7/28 Nick Duda <nduda_at_vistaprint.com>:
>> Sorry for the silly question, I've been using squid to allow access to users on a domain, but how can I limit access to users only in a certain security group on the domain?
>>
>> - Nick
>>
>>
> I understand it is working fine authenticating against AD so:
>
> Once you have created your AD groups, you have to set some acls
> depending on the AD group, for example:
>
> acl GR_OFICIAL external winbind_group G_2_NAV_Oficial
> acl GR_NORMAL external winbind_group G_3_NAV_Estandar
> acl GR_AVANZADO external winbind_group G_4_NAV_Avanzada
>
> And then you just allow/deny access to those acls, for example:
>
> http_access allow GR_OFICIAL paratodos permitidos
> http_access allow GR_NORMAL permitidos !ficheros_download
> http_access allow GR_AVANZADO permitidos
>
>
> Good luck
>

There is a missing "external_acl_type" directive in that example, which
defines the "winbind_group" ACL type.

I'd suggest checking the Squid source directory for
"/helpers/external_acl/mswin_ad_group/". There is a readme file that
gives good documentation on its use. It can be compiled with Squid by
using the "--enable-external-acl-helpers=mswin_ad_group" compile option.

Chris
Received on Tue Jul 28 2009 - 17:45:48 MDT
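
Added example, not part of the original thread: a small Python check that reads squid.conf text and reports "acl ... external" lines whose type has no earlier "external_acl_type" definition, which is the gap pointed out in the reply above, along with http_access rules that name ACLs not yet defined. The function name, the helper path in FIXED and the builtin_acls default are assumptions made for illustration.

```python
# Constructed sample: the configuration lines quoted in the thread.
QUOTED = """\
acl GR_OFICIAL external winbind_group G_2_NAV_Oficial
acl GR_NORMAL external winbind_group G_3_NAV_Estandar
acl GR_AVANZADO external winbind_group G_4_NAV_Avanzada
http_access allow GR_OFICIAL paratodos permitidos
http_access allow GR_NORMAL permitidos !ficheros_download
http_access allow GR_AVANZADO permitidos
"""
# Same lines with the type defined first. The helper path is a placeholder.
FIXED = "external_acl_type winbind_group %LOGIN /path/to/group_helper\n" + QUOTED


def lint(conf, builtin_acls=("all",)):
    """Return (missing_types, missing_acls) for squid.conf text.

    missing_types maps an undefined external ACL type to the ACLs using it.
    missing_acls lists ACL names used in http_access before being defined.
    The file is checked top to bottom, so a definition placed after its
    first use still counts as missing.
    builtin_acls is an assumption: adjust it to the ACLs your Squid
    version predefines.
    """
    ext_types, acls = set(), set(builtin_acls)
    missing_types, missing_acls = {}, set()
    for raw in conf.splitlines():
        # Simplification: everything after '#' is treated as a comment.
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2:
            continue
        if tok[0] == "external_acl_type":
            ext_types.add(tok[1])
        elif tok[0] == "acl":
            acls.add(tok[1])
            if len(tok) >= 4 and tok[2] == "external" and tok[3] not in ext_types:
                missing_types.setdefault(tok[3], []).append(tok[1])
        elif tok[0] == "http_access":
            # tok[1] is allow/deny; the rest are ACL names, optionally negated.
            for name in tok[2:]:
                if name.lstrip("!") not in acls:
                    missing_acls.add(name.lstrip("!"))
    return missing_types, sorted(missing_acls)


if __name__ == "__main__":
    for label, conf in (("quoted", QUOTED), ("fixed", FIXED)):
        print(label, lint(conf))
```

On the quoted lines this also lists paratodos, permitidos and ficheros_download, because their definitions are not shown in the message.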
