Hello My environment: Ubuntu 8.04 LTS, Squid 2.6.18, Samba 3.0.28a I am looking to find a way to check with an acl if a user is member of a specific ad-group. On my Squid Proxy Server, I have successfully set up an SSO authentication with the active directory. This works fine. Among other things: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="Domäne\\AD-GroupeA" Now I start with the definition of the acl's. At first I would like to make a badUrls list which is valid for all users to block some sites. This list should not be applied to a group of personal computers (host) and/or a specific AD group. Here is my approach: acl auth proxy_auth REQUIRED acl badurls url_regex "/data/squid/badurls.txt" acl AllowedClients srcdom_regex -i "/data/squid/allowed_clients.txt" acl AllowedGroups proxy_auth -i Domäne/AD-GroupeB http_access allow auth AllowedClients http_access allow auth AllowedGroups http_access deny badurls http_access allow auth http_access deny all The acl with the badurls list and the acl for the AllowedClients are working fine. But with the acl acl AllowedGroups proxy_auth -i Domäne/AD-GruppeB I have great problems. I don't know how I can make an acl who check the membership from an AD-Groupe. I tested many different types of spelling. Unfortunately without success. How can I make an acl using ntlm_auth authentication? Is there a better and easier way to do this? Thank you for your suggestions. Kind regards. Weihnachts-Shopping online: auf Nummer sicher gehen und mit dem MSN Internet Explorer 8 sicher surfen, jetzt kostenlos herunterladen! _________________________________________________________________ Ski-Weltcup: Alle Rennen, alle Resultate und News auf MSN Sport http://sport.ch.msn.com/skialpin/
