On 4/04/2012 9:12 p.m., Jasper Van Der Westhuizen wrote:
This allows my un-authenticated users access to the whitelisted domains and blocks any links in the sites that are not whitelisted(like facebook and youtube). It also allows my authenticated users access to all sites, including whitelisted sites, as well as allowing linked sites like facebook etc.
Do you perhaps see any issue with this setup?
The only problem I forsee is that srcdomain is the clients IP rDNS record. You have to encode into that what group they are in, so its restricted to clients you> have control over rDNS for. In which case you may as well make them static and use src IP checks.
Amos
Hi Amos
I want to change my setup to do authentication for everyone, and based on whether the user is in a specific group or not, allow them access to certain ACL's.
I have a group in AD that should have full access. All users should authenticate. If the user is not in my Internet group then he gets to access a list of sites. If the user is in the Internet group he gets a different ACL to access everything.
Is this possible with NTLM? I don't think it is. How would I approach this?
Like so http://wiki.squid-cache.org/ConfigExamples#Authentication
Amos
