-----Messaggio originale-----
Da: Amos Jeffries
"Riccardo Castellani" 11/17/2010 1:46 PM
I'm using Squid 2.7 Stable3 in my network where some clients are in
workgroup while others in MS domain.
I'm testing LDAP Authentication by Active Directory and It likes that
it
works!
I'd like allowing "web surfing" sequentially according to these rules:
rule 1: by only IP ADDRESS
rule 2: by Active Directory USER (user can navigate from any pc)
rule 3: by Active Directory USER (user can navigate from specific
pc)
Rule 1 is for computers whicg are in workgroup, so there are only local
users.
Rule 2 is for computers in MS domain where every user MUST use his pc
Rule 3 is for computers in MS domain where "special users" (e.g.
director)
who can navigate from any pc.
Okay, as promised.
To combine Rules 2 & 3 into a single http_access line for many logins
use an external_acl_type helper. There is one bundled in 2.7 called
"ip_user" which fits this scenario exactly.
Details of its configuration can be found here:
http://www.squid-cache.org/Versions/v3/3.2/manuals/ext_file_userip_acl.html
(ignore the binary name in these docs, it changed in 3.2. The config etc
remain the same).
Alternatively if you maintain any sort of management database to
administrate this for your network a custom helper script can look up
the info directly in there instead of a text file.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.9
Beta testers wanted for 3.2.0.3
