Hi, At 15.03 13/11/2006, Roland Schmid wrote:
Hi, we are using the windows version of squid (squid-2.6.STABLE5-NT-bin)and we want to control the access to the internet over the Users who are members in Active Directory (Windows 2000 Domain Controller) This works with the squid_ldap_auth.exe module of squid. In the Howto of squid is given one example how to identificate the users of Windows ADS. Example: auth_param basic program c:/squid/sbin/squid_ldap_auth -P -R -b " DC=ads,DC=local" -D "CN=Squid,CN=Users,DC=ads,DC,local" -w secret -f" (&(objectClass=Person)(userPrincipalName=%s))" 192.168.1.1:3268 auth_param basic children 6 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours My question is, do I have to add each user of ADS to squid.conf? How do I for example deny or allow access to internet of special users of ADS?
On Windows you can also use native Windows helpers for basic, NTLM and Negotiate (SPNEGO/Kerberos) authentication. See mswin_*_auth.txt files for documentation.
You can also use an external ACL Windows native helper for authorization based on AD global groups. See mswin_check_lm_group.txt files for details.
Regards Guido - ======================================================== Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.serassio@xxxxxxxxxxxxxxxxx WWW: http://www.acmeconsulting.it/
