We use NTLM Authentication here. The rules that you configure in squid.conf for the most part will only allow or deny access to authenticated users. In other words, either everyone is allowed or everyone is denied.

With squidGuard you can build an acl based on the option "userlist". Userlist points to a local file with a username on each line. You can then allow/deny based on that list.

What I do is, using the samba "net ads/rpc" tools, run a query against the domain controller for certain criteria and build a local list of items. For example, say I want everyone in the company to be denied access to a certain website, except members of the HR department. I would run a query against the domain controller for all members in the HR group and build a local file with these names. I then schedule that as a cronjob to run every so often to keep this list up to date. Now I can create a rule that allows only people from HR (located in the local HREmployee file) access to this website.

There are other cool things you can do with the net ads/rpc stuff. My squidGuard redirector urls go to a local php script. This script runs the (exec) command and gives me back results. I've been able to have squidGuard email offenders dynamically when they hit websites they shouldn't have.

- Nick

-----Original Message-----
From: pwasenda@xxxxxxxxx [mailto:pwasenda@xxxxxxxxx]
Sent: Tuesday, March 14, 2006 7:24 AM
To: Nick Duda
Subject: RE: squid acl dhcp

Thanks for your timely answer; however, I don't seem to understand this part of your message. Could you kindly elaborate?

"using net ads ldap searching) you can build custom files of users for processing policies"

Quoting Nick Duda <nduda@xxxxxxxxxxxxxx>:

>
> If you're on a domain (AD/NT) look at NTLM authentication. That in
> combination with squidGuard (using net ads ldap searching) you can build
> custom files of users for processing policies.
>
> - Nick
>
> -----Original Message-----
> From: pwasenda@xxxxxxxxx [mailto:pwasenda@xxxxxxxxx]
> Sent: Tuesday, March 14, 2006 7:15 AM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: squid acl dhcp
>
>
> I have a LAN with DHCP, and sometimes the IP addresses change; worse
> still, I have many subnets.
> How should I structure my acl's to involve as little administration as
> possible?
>
> Only a privileged few should access internet.
>
> --
> Peter Collins Wasenda
> Network Administrator
> IT Division, Corporate Services
> Uganda Revenue Authority
> P.O. Box 7279, Kampala
>
> Tel: (041)334474,334535
> Mob: 0752-996477
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> ---------------------
> Confidentiality note
> The information in this email and any attachment may contain confidential and
> proprietary information of
> VistaPrint and/or its affiliates and may be privileged or otherwise protected
> from disclosure. If you are
> not the intended recipient, you are hereby notified that any review, reliance
> or distribution by others
> or forwarding without express permission is strictly prohibited and may cause
> liability. In case you have
> received this message due to an error in transmission, please notify the
> sender immediately and to delete
> this email and any attachment from your system.
> ---------------------

--
Peter Collins Wasenda
Network Administrator
IT Division, Corporate Services
Uganda Revenue Authority
P.O. Box 7279, Kampala

Tel: (041)334474,334535
Mob: 0752-996477
Mail: pwasenda@xxxxxxxxx
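Added example (not part of the original thread, and not Nick's own script): a shell function for the cron job described above that turns group-member output into a squidGuard userlist file. It assumes members arrive one per line as DOMAIN\user or user, that the list should hold bare usernames in the form Squid passes to squidGuard, and that the group name "HR" and the path /etc/squid/HREmployee are placeholders. It keeps the previous list when the query returns nothing, so a failed lookup does not silently empty the policy.

```shell
#!/bin/sh
# Added example: rebuild a squidGuard "userlist" file from group-member output.
#
# Intended cron usage (group name and path are assumptions; authentication
# options for the net command are omitted here):
#   net rpc group members "HR" | build_userlist /etc/squid/HREmployee \
#       && squid -k reconfigure

# build_userlist TARGET_FILE
# Reads one member per line on stdin, normalises each to a bare username,
# drops anything that is not a plain account name, and replaces TARGET_FILE
# with an atomic rename. Returns non-zero and leaves the existing file
# untouched when no valid names were read (for example, when the domain
# controller could not be reached and the query printed only an error).
build_userlist() {
    target=$1
    # Temp file in the same directory so that mv is a rename, not a copy;
    # squidGuard never sees a half-written list.
    tmp=$(mktemp "${target}.XXXXXX") || return 1

    # 1. strip carriage returns
    # 2. remove a leading DOMAIN\ prefix
    # 3. keep only names made of letters, digits, dot, underscore, hyphen
    #    (lines with spaces, error text, etc. are skipped)
    # 4. sort and de-duplicate with a fixed locale for stable output
    tr -d '\r' \
        | sed 's/^.*\\//' \
        | grep -E '^[A-Za-z0-9._-]+$' \
        | LC_ALL=C sort -u > "$tmp"

    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "build_userlist: no valid members read, keeping $target" >&2
        return 1
    fi

    # Readable by the squid/squidGuard user, writable only by the owner.
    chmod 644 "$tmp"
    mv -f "$tmp" "$target"
}
```

Whether an empty result should keep the old list or deny everyone depends on whether the list grants or removes access; this version keeps the last known-good membership.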