On Wed, 2 Dec 2009 15:15:15 +0100, Georg Roelli <roellig@xxxxxxxxxxx> wrote: > Hello > > My environment: Ubuntu 8.04 LTS, Squid 2.6.18, Samba 3.0.28a > > I am looking to find a way to check with an acl if a user is member of a > specific ad-group. On my Squid Proxy Server, I have successfully set up an > SSO authentication with the active directory. > This works fine. Among other things: > > auth_param ntlm program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp > --require-membership-of="Domäne\\AD-GroupeA" > > Now I start with the definition of the acl's. At first I would like to > make a badUrls list which is valid for all users to block some sites. This > list should not be applied to a group of personal computers (host) and/or a > specific AD group. > Here is my approach: > > acl auth proxy_auth REQUIRED > acl badurls url_regex "/data/squid/badurls.txt" > acl AllowedClients srcdom_regex -i "/data/squid/allowed_clients.txt" > acl AllowedGroups proxy_auth -i Domäne/AD-GroupeB > > http_access allow auth AllowedClients > http_access allow auth AllowedGroups > http_access deny badurls > http_access allow auth > http_access deny all > > The acl with the badurls list and the acl for the AllowedClients are > working fine. But with the acl acl AllowedGroups proxy_auth -i > Domäne/AD-GruppeB I have great problems. I don't know how I can make an acl > who check the membership from an AD-Groupe. > I tested many different types of spelling. Unfortunately without success. > How can I make an acl using ntlm_auth authentication? Is there a better and > easier way to do this? > > Thank you for your suggestions. > > Kind regards. > http://wiki.squid-cache.org/ConfigExamples/Authenticate/NtlmWithGroups Amos
