I have a client that uses a TS farm as well. If they are using AD and everything is working, you can: 1. Create an AD group called limited-Inet 2. Put the users you want to be restricted in that group 3. Add this to your squid.conf acl our_networks src 192.168.0.0/16 acl NTLMUsers proxy_auth REQUIRED .... other rules and policies.... acl ce external ntgroup squid-ce acl ce_com dstdomain .realinfo.net .icccampus.org .iccsafe.org .realinfo2000.com http_access allow ce ce_com http_access deny ce The users in the AD group squid-ce are allowed to go to the domains listed... denied to everything else. That second to last line... http_access allow ce ce_com ....is an AND statement. users in the 'ce' group (from the squid-ce AD group) AND in the ce_com list are allowed through. If you have someone in the ce group, but trying to go to a different domain than listed, it will fail. ** We also have a group that gets NO internet... we put users in this group and add this at the very beginning (after the REQUIRED statement) external_acl_type ntgroup %LOGIN /usr/lib/squid/wbinfo_group.pl acl NOINTERNET external ntgroup no-internet Works great for us.. good luck! ----- Original Message ---- From: Amos Jeffries <squid3@xxxxxxxxxxxxx> To: 9 denis <9denis@xxxxxxxxx> Cc: squid-users@xxxxxxxxxxxxxxx Sent: Thursday, August 13, 2009 9:00:18 AM Subject: Re: Terminal Server Users 9 denis wrote: > Hi, > > I am pretty new to Squid. I am using Webmin to configure Squid. > > We have Microsoft Windows 2003 Terminal Server on which 50 users login > with their Active Directory ID. I have configured Proxy settings for > all the users using Internet. > Now, we want to block certain websites for only some of the users, how > can I do it? > > Thanks in Advance. > > Regards, > Denis http://wiki.squid-cache.org/SquidFaq Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13
