Hi Kevin, The most helpful thing that I can do, is suggest that you google "external_acl_type nt_group %LOGIN /usr/lib/squid/wbinfo_group.pl" Below is an example of how I implemented it. Hope this helps. auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 10 auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Domain Proxy Server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off Then an external acl that I believe is the key to getting it talking to the domain. external_acl_type nt_group %LOGIN /usr/lib/squid/wbinfo_group.pl Then my ACLs # Time Ranges # Before work acl before_work time M T W H F 00:00-09:00 # Monday to Friday 11am - 1pm acl morning time M T W H F 11:00-13:00 # Monday - Friday 16:00-23:59 acl afternoon_evening time M T W H F 16:00-23:59 # All weekend acl weekend time A S 00:01-23:59 acl inet_no_restriction external nt_group Internet_Access_No_Restriction acl inet_time_restriction external nt_group Internet_Access_Time_Restricted The my http access lines # Allow No Restriction Domain Group http_access allow auth inet_no_restriction # Allow time restricted group http_access allow auth inet_time_restriction before_work http_access allow auth inet_time_restriction morning http_access allow auth inet_time_restriction afternoon_evening http_access allow auth inet_time_restriction weekend http_access deny inet_time_restriction http_access deny all 2008/9/29 Kevin Kimani <kevinkimani@xxxxxxxxx>: > Hallo guys > Have a small problem. I have set up a squid proxy to authenticate > against active directory and it has worked on a single group in the > active directory. Now i need to authenicate two different groups who > have different permissions on the AD. This is what i did to > authenticate the single group : > "auth_param ntlm program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp > --require-membership-of="BIMSOFT+internet" > auth_param ntlm children 5 > auth_param basic program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-basic > --require-membership-of="BIMSOFT+internet" > auth_param basic children 5 > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 2 hour > auth_param basic casesensitive off" > > So does anyone have ana idea on how to authenticate both the 'internet > group' and 'interenet_users group' to access the interent and ensure > that the 'internet group' has access to http,https and ftp while the > 'internet_users group' have only access to http. > > Regards > > kevin >
