Hi,

I'm new to the list, so my apologies if this has been asked a million times already. I've spent a few days scouring the FAQs and web for references and I'm completely stuck. I'm trying to set up an ACL based on group membership in my squid configuration. I'd be grateful if someone could help me out, as I'm so confused I reckon I'm lost altogether :)

I'm trying to set it up so that standard users are members of a group called "InternetAccess" which limits access to certain blocked sites like hotmail, yahoomail, and that type of thing. In addition I'm looking to have an ACL that allows a user to bypass the normal access controls, and have full open access to the web, if they are a member of group "InternetBypass".

In the older version of squid I would do this by setting an ACL based on the user's hostname and their IP address. But as most new machines are DHCP based it's no longer feasible to work this way. I now need to be able to control the access based on membership of an AD2003 group.

I have my squid server configured with samba and NTLM authenticating against AD2003. All appears to be configured correctly from various userid lookups. I have run all the variations of "wbinfo" from the command line and all are returning the information that I expect, e.g. if I run "wbinfo -n 'InternetAllowed'" I get back the correct SID of the group. And the squid logs are picking up the userids in the access.log file.

I've so far kinda managed to get the "InternetAccess" group working.

In squid I have the following (relevant) lines set up in my config:
(lines may get wrapped from my mail client)

=====Starts=======
external_acl_type ad_group ttl=0 concurrency=5 %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
<<...>>
auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off
<<..>>
acl AllowedUsers external ad_group InternetAllowed
http_access allow AllowedUsers
<<..>>
======ENDS===========

It appears to be working right to this point, but I've tried dozens if not hundreds of various possibilities to set up the InternetBypass section but cannot get it to work. Hence my query to you squid gurus.

Squid Version - 2.5-Stable12
Samba Version - 3.01.21rc2

Any suggestions you could provide would gratefully be appreciated.

Thanks in advance.

PD
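
The two-tier policy described in the post above, sketched as an added squid.conf fragment that is not part of the original message. It assumes the external_acl_type ad_group helper and the auth_param ntlm lines from the post are already defined; the ACL names BypassUsers and BlockedSites and the domain list are constructed for illustration.

```conf
# Added example, not from the original post.
# Assumes "external_acl_type ad_group ..." and the NTLM auth_param lines
# shown in the post appear earlier in squid.conf.

# Group ACLs: each passes the authenticated %LOGIN to the helper,
# which checks membership of the named AD group.
acl BypassUsers  external ad_group InternetBypass
acl AllowedUsers external ad_group InternetAllowed

# Constructed sample list of restricted destinations (hypothetical values).
acl BlockedSites dstdomain .hotmail.com mail.yahoo.com

# http_access rules are evaluated top to bottom; the first match decides.
# 1. Bypass group members are allowed before any site restriction applies.
http_access allow BypassUsers
# 2. Everyone who reaches this line is refused the restricted destinations.
http_access deny BlockedSites
# 3. Standard group members get everything that was not denied above.
http_access allow AllowedUsers
# 4. Default deny: users in neither group get no access.
http_access deny all
```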