On Mon, 27 Jul 2009 13:50:24 +1000, Harley Jackson Willmott <open.harley@xxxxxxxxx> wrote:
> Hey all.
>
> I've done lots of searching and haven't been able to find examples of
> this particular scenario so I'm putting it to you guys for help.
>
> Basically, my boss has me setting up a Squid server for our company's
> primarily Microsoft-based network (We use Active Directory). We've
> already got a proxy server set up running Webmarshal. Webmarshal takes
> care of all the filtering stuff based on Active Directory membership.
>
> I'm implementing a Squid server to both cache (obviously) and to
> throttle certain users using delay pools.
>
> The original plan was to have Squid in front of Webmarshal, which
> means Squid needs to be able to pass the AD credentials to Webmarshal.
> The server itself is running Ubuntu 9.04 Server with
> Squid-3.0.STABLE16 compiled with buckets enabled and is joined to our
> AD domain through Likewise-Open. I'd like to create ACLs based on
> user/group membership in AD, but IPs are fine if that isn't possible.
> The main thing is that I -need- the credentials passed to Webmarshal
> so that the user isn't prompted to enter their username and password
> into their browser (this is how it acts prior to pointing it to
> Squid).
>
> Is this possible with my version of Squid? I've been trying to follow
> examples and documentation on the web, but frequently run into
> conflicting and/or outdated information. If so, can someone help me
> out with an example or something? If not, should I just be putting
> Squid behind Webmarshal?

Behind would be the quickest fix.

Or you could go the whole way and configure Squid AD authentication with groups access control to completely replace WebMarshal.

Squid bundles a few external ACL helpers that check group access. The rest is up to how you set what access controls.

Amos
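
A squid.conf sketch of the group-based setup described in the reply above, added here as an illustration and not taken from the thread or from either poster's configuration. It assumes the Squid host can reach the domain through Samba winbind (so that `ntlm_auth` and the bundled `wbinfo_group.pl` helper work), that the helper paths match your build, and that `Throttled-Users` is a hypothetical AD group name.

```conf
# --- Authentication: NTLM via Samba's ntlm_auth helper (assumed path) ---
# Browsers on domain machines answer the NTLM challenge silently, so
# users are not prompted for a username and password.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm keep_alive on

# --- Group lookup: external ACL helper bundled with Squid (assumed path) ---
# %LOGIN hands the authenticated username to the helper; ttl caches each
# answer so the domain controller is not queried on every request.
external_acl_type ad_group ttl=300 children=5 %LOGIN /usr/lib/squid3/wbinfo_group.pl

# --- ACLs ---
acl authenticated proxy_auth REQUIRED
acl throttled external ad_group Throttled-Users   # hypothetical group name

# --- Access rules ---
# Unauthenticated requests are rejected first. The group ACL is then
# evaluated during http_access, where Squid can wait for the helper,
# and the answer is cached for the ttl set above.
http_access deny !authenticated
http_access allow throttled
http_access allow authenticated
http_access deny all

# --- Delay pool for the throttled group ---
# Class 2: one aggregate bucket plus one bucket per client host.
# Values are restore/max in bytes per second and bytes:
# aggregate unlimited, each client held to roughly 32 KB/s.
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 32000/64000
delay_access 1 allow throttled
delay_access 1 deny all
```

Run `squid -k parse` after editing to catch syntax errors before reloading. Class 2 buckets are keyed on client address, so several users behind one address share a bucket.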