Hi B.
Thanks for your reply. Yes, I am using the properties of the user
objects. I forget how many user accounts we have, but it's over 200
users. It's about 20 - 40 that we are trying to restrict though.
Regards,
D.
----- Original Message -----
From: "B" <basti@xxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Saturday, August 27, 2005 12:11 AM
Subject: Re: Active Directory computer login restrictions stops Squid authentication for these users
if i get you right, you use properties of the user objects.
my first thought about this was to create organizational units in ad and
restrict "logon locally" for these users in the computer objects. that way
users would not have a restriction to ip's in them but only the
workstations do.
due to the number of ou's (for every computer there will be one) in the
directory this will only be useful with a limited number of users and
workstations.
hope this helps.
Quoting D & E Radel <radel@xxxxxxxxxxx>:
Hi there
Squid is authenticating with no problems with our domain via LDAP.
I wish to use the built-in Active Directory account option to restrict
which computers a user on our domain can log into (i.e. instead of being
able to log into 'all computers', just their own). If I enable this
setting, these users no longer access the www through the Squid proxy.
Obviously there is an option to add other computer names to the list of
computers that a user can log into (e.g. our squid box).
Our Squid runs on Linux and has not been made a member computer of our
domain as we are not using winbind or samba. I am not sure how to get
our Squid box to register its IP in the DNS server on our Domain
Controller. I manually added a record in the DNS, but only the full
computer name (including domain name suffix) resolves. There is not
enough space to type the whole name in, under the Active Directory
options.
So I am wondering if figuring out whether investigating any of these
will allow me to still authenticate the users in squid as well as
restricting their ability to log into various local pcs. Or whether it's
a waste of time. I am not sure on the specifics of how Squid exactly
interacts with AD and whether or not this is possible.
The easiest solution is not to restrict what computers our users can log
into. But, I'd like to figure out if it's possible to restrict them and
still have squid authenticate them.
Any tips or ideas greatly appreciated. Many thanks in advance. :-)
D.Radel.
-
b .