Terry Dobbs wrote:
Hey
I have a transparent proxy setup using squid, winbind, samba, etc... I
got sick of manually blocking IP addresses from accessing the internet
and stumbled across an article (thank god for google!) that allows
access based on AD Group.
It pretty much looks like...
external_acl_type ntgroup %LOGIN /usr/lib/squid/wbinfo_group.pl
acl NoInternet external ntgroup NoInternet
Then there is the http_access deny line that denies the NoInternet
group.
This seems to work fine, if a user belongs to the NoInternet group they
are prompted for Username/Password and even if they put in the correct
credentials they aren't allowed to go anywhere.
My question is, instead of prompting for username/password if a user
belongs to the group, how do I just redirect them to a page? No other
time is my users prompted for authentication as it uses the NT "pass
through" credentials, so not sure why it wants to prompt now.
Hoping someone out there is doing something similar?
The credientials are asked again because auth is the last option to
complete the http_access rule.
There is a hack/workaround of adding 'all' as the last item on the line
which apparently prevents the credentials being sought if they fail the
first time.
I suspect your other rules go something like
http_access !noauth localnet
which has the same effect of not requesting again on failure.
Amos
