On 2/26/06, updatemyself . <updatemyself@xxxxxxxxx> wrote:
> Hai All,
>
> i was trying to setup a squid proxy server with the wb_group authentication.
> in my windows 2003 ADS i am having a group called "internet"
> i need to give internet access for the ppl belongs to that group
>
> in my corrent configuration all users in my domain can authenticate to squid...
>
> I am using following configuration..and i wish to stop that..
> =============================================
> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
>
> acl password proxy_auth REQUIRED
>
> acl mynet src 172.16.0.0/255.255.0.0
>
> http_access allow mynet password
> ==============================================
>
> can anyone help me.. how i can provide the proxy only for the users in
> ADS group "internet"
>
> Samba version is.. samba-3.0.21b-3
> Squid Version is... squid-2.5.STABLE6-3.4E.11
> Using RHEL 4
>
> Please help me.. to find some valuable docuents to do this..
>
> also can i use 2 authentication system in same time....
> like.. mac_address (arp) + wb_group
>
>
I can only help you , on the mac_addr part of your question :
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.20
Once configured , you can just combine an arp based acl type
with an auth tape based acl type in one http_access statement
to accomplish what you want.
Note that mac based auth has limited functionality because SQUID
can only see mac's that are on the same subnet as the squid box.
In my case, for instance, it wouldn't be usable at all, since SQUID
is on the DMZ, separated from the standard INTRANET.
M.
