fre 2009-08-07 klockan 21:34 -0400 skrev michel@xxxxxxxxxx: > Using squid 2.6 on my work, I have a group of users who connect by > dial-up access to a NAS and a server freeradius to authenticate each > time they log my users are assigned a dynamic IP address, making it > impossible to create permissions without authentication by IP address. Ok. > I want to create a script for when you get a request to the squid from > the block of IP addresses, run a script that reads the username and IP > address from the server freeradius radwho tool that shows users > connected + ip address or mysql from which you can achieve the same > process The user= result interface of external acls is intended for exacly this purpose. What you need is a small script which reads IP addresses on stdin (one at a time) and prints the following on stdout: OK user=radiususername if the user is authenticated via radius, or ERR if the user is not and should fall back on other authentication methods. You can then plug this into Squid using external_acl_type, and bind an acl to that using the external acl type. Remember to set ttl=nnn and negative_ttl=nnn as suitable for your purpose. Regards Henrik
