Gontzal wrote:
2009/7/28 Nick Duda <nduda@xxxxxxxxxxxxxx>:
Sorry for the silly question, I've been using squid to allow access to users on a domain, but how can I limit access to users only in a certain security group on the domain.
- Nick
I understand it is working fine authenticating against AD so:
Once you have created your AD groups, you have to set some acls
depending on the AD group, for example:
acl GR_OFICIAL external winbind_group G_2_NAV_Oficial
acl GR_NORMAL external winbind_group G_3_NAV_Estandar
acl GR_AVANZADO external winbind_group G_4_NAV_Avanzada
And then you just allow/deny access to those acls, for example:
http_access allow GR_OFICIAL paratodos permitidos
http_access allow GR_NORMAL permitidos !ficheros_download
http_access allow GR_AVANZADO permitidos
Good luck
There is a missing "external_acl_type" directive in that example, which
defines the "winbind_group" ACL type.
I'd suggest checking the Squid source directory for
"/helpers/external_acl/mswin_ad_group/". There is a readme file that
gives good documentation on its use. It can be compiled with Squid by
using the "--enable-external-acl-helpers=mswin_ad_group" compile option.
Chris
