Sorry, I just mean the authentication is transparent. Where, the users just open up IE and don't need to login, it passes the credentials from Windows... -----Original Message----- From: Adrian Chadd [mailto:adrian@xxxxxxxxxxxxxxx] Sent: Tuesday, November 27, 2007 9:36 PM To: Terry Dobbs Cc: squid-users@xxxxxxxxxxxxxxx Subject: [Bulk] Re: Anyone Use wbinfo_group.pl? How do you mean "transparent proxy" ? Are you referring to the authentication being transparent, or are you referring to using port 80 TCP redirection rather than statically controlled proxy configurations in browsers? Adrian On Tue, Nov 27, 2007, Terry Dobbs wrote: > Hey > > I have a transparent proxy setup using squid, winbind, samba, etc... I > got sick of manually blocking IP addresses from accessing the internet > and stumbled across an article (thank god for google!) that allows > access based on AD Group. > > It pretty much looks like... > > external_acl_type ntgroup %LOGIN /usr/lib/squid/wbinfo_group.pl > acl NoInternet external ntgroup NoInternet > > Then there is the http_access deny line that denies the NoInternet > group. > > This seems to work fine, if a user belongs to the NoInternet group they > are prompted for Username/Password and even if they put in the correct > credentials they aren't allowed to go anywhere. > > My question is, instead of prompting for username/password if a user > belongs to the group, how do I just redirect them to a page? No other > time is my users prompted for authentication as it uses the NT "pass > through" credentials, so not sure why it wants to prompt now. > > Hoping someone out there is doing something similar? > > Thanks! -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA - -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.503 / Virus Database: 269.16.8/1154 - Release Date: 11/27/2007 11:40 AM