On 15.09.10 12:59, Manoj Rajkarnikar wrote:
> Thanks for the quick response Marcus.
>
> The reason I need to limit computer account and not user account is
> that people here move out to distant branches and the internet access
> policy is to allow to the position they hold, and thus the computer
> they will use.

I somehow don't understand this. Maybe it's my English.
Do you need to control access for the user+computer combination?

> I've successfully set up the kerberos authentication but I don't see
> how squid will fetch the computer information from client request and
> authorize it based on the group membership in AD. What I wish to
> accomplish is:
>
> 1. create a security group in AD
> 2. add computer accounts to this security group
> 3. squid checks if the computer trying to access internet is member of
> this security group.
> 4. if not, don't allow access to internet or request of AD user login
> that is allowed.

This seems that you want to allow access from some computers to the net, no
matter which user is logged in. Why not use ip-based or maybe
hardware_address-based authentication then?

--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Quantum mechanics: The dreams stuff is made of.
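
The address-based approach suggested in the reply, sketched as a squid.conf fragment. This is an added example, not part of the original thread; the ACL names and all addresses are constructed placeholders, and it assumes the Kerberos (negotiate) authentication mentioned in the quoted message is already configured.

```conf
# Constructed sample values: replace with the real machine addresses.

# Machines allowed regardless of who is logged in, matched by source IP.
# Only meaningful if these machines keep fixed addresses (static or
# DHCP reservations) and the proxy sees the client IP un-NATed.
acl allowed_pcs src 192.0.2.10 192.0.2.11

# The same idea by hardware address. Needs a Squid build with ARP ACL
# support, and only matches clients on the same layer-2 segment as the
# proxy: traffic from a routed branch network arrives with the router's
# MAC, so this cannot identify machines in distant branches.
acl allowed_macs arp 00:11:22:33:44:55

# Fallback for step 4 of the quoted list: any client that completes
# proxy authentication. Restricting this to one AD group would need an
# external ACL helper, which is not shown here.
acl ad_users proxy_auth REQUIRED

# Order matters: address matches are tried first, so listed machines
# are never challenged; everything else must authenticate.
http_access allow allowed_pcs
http_access allow allowed_macs
http_access allow ad_users
http_access deny all
```

Neither a source IP nor a MAC address proves which machine is connecting, since both are set by the client, so these ACLs are best paired with network-side controls such as DHCP reservations and switch port security.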