Sorry Henrik, think I just sent this reply back to you.. not the whole group..
Great.. thanks,
Just to clarify, to use wbinfo_group.pl, I need to:
1. Add Domain Local group to Active Directory called Internet-Allowed (name not important)
2. Add 'external_acl_type ADS %LOGIN /usr/lib/squid/wbinfo_group.pl' to squid.conf
3. Add 'aclInternet-Allowed external ADS Internet-Allowed' to squid.conf
4. Add 'http_access allow Internet-Allowed all'
That is what I am able to piece together from Google..
Two
questions. In doing this before for other clients, I have used
DansGuardian and used filter groups. This customer doesn't want to
filter, they just want to allow or deny access. I was pretty sure
Squid could do this and that is why I am trying to figure out the
wbinfo_group stuff. In the past, I have messed up where to put the
acl's (in which order) and the http_access (again, in which order).
Any advice on where these would go (or where they HAVE to go)?
Second
question.. does this mean anyone not in this group will not have
Internet.. or do I have to do a deny acl/http_access combo?
Thanks for clearing this up...
----- Original Message ----
From: Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>
To: nairb rotsak <ipguru99@xxxxxxxxx>
Cc: squid-users@xxxxxxxxxxxxxxx
Sent: Wednesday, August 20, 2008 5:44:48 PM
Subject: Re: if this is posted somewhere.. please tell me where to go... AD groups
On ons, 2008-08-20 at 08:39 -0700, nairb rotsak wrote:
> The 2nd one is what I pretty much used to get this far...
>
> I just don't know how to tie it all together.. and I have looked at the wbinfo_group.pl.. but not sure if I need to go that far??
far?
wbinfo_group.pl is the easiest way to get group lookups if you have
already done NTLM via Samba..
Regards
Henrik
