Hi All
I've been trying to get squid to authenticate against Active Directory
as well as deny access to users in a security group. I have not been
able to get this to work reliably. This is what I have done so far.
In squid.conf, I have these entries
auth_param basic program /usr/local/libexec/squid/
squid_ldap_auth -R -b "dc=atlas,dc=local" -v 2 -D
"cn=adquery,ou=OU_name,dc=my,dc=domain" -w "password" -f
sAMAccountName=%s -h 192.168.2.90
auth_param basic children 5
auth_param basic realm Atlas Protection
auth_param basic credentialsttl 5 minutes
external_acl_type InetGroup %LOGIN
/usr/local/libexec/squid/squid_ldap_group -R -b "dc=my,dc=domain" -v 2
-D "cn=adquery,ou=OU_name,dc=my,dc=domain" -w "password" -f
"(&(objectclass=person)(sAMAccountName=%v)
(memberof=cn=%a,dc=my,dc=domain))" -h 192.168.2.90
acl domain_name proxy_auth REQUIRED src 192.168.2.0/24
http_access allow domain_name
http_access allow localhost
acl InetAccess external InetGroup nointernet
http_access deny InetAccess
I created a security group in AD and put several users in. When these
users try to log on, they get the popup bix to log on but even when
they are in the nointernet group, they can still get on. I am at a
loss. Can anyone please point out what I am doing wrong or help me
with troubleshooting this?
Thanks.
