Hi,
I've succcessfully made squid authenticate against an AD environment
but now I would like to use access groups I've defined in the AD
itself. I have an group called Internet and another called somesites.
Internet group would have full internet access as it's name suggests
and somesites group would have access to a limited number of sites.
This is what I have so far in my squid.conf
external_acl_type Group ttl=1 %LOGIN /usr/lib/squid3/squid_ldap_group
-d -R -K -b dc=domain,dc=com -D squid@xxxxxxxxxx -W
/etc/squid3/ldappass -f
(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=domain,dc=com)) -h
dc1.domain.com
acl password proxy_auth REQUIRED
acl GroupInternet external Group internet
acl Groupsomesites external Group somesites
acl sites dstdomain /etc/squid3/sitesfile
http_access allow sites password Groupsomesites
http_access allow password GroupInternet
http_access deny all
So far what I've achieved was that squid asks for the first group but
it does not ask for the second group. At least that's what the cache
log tells me when I put it in debug level 9.
It asks for "user somesites" when it validates the first http_access
but when it goes to the second http_access it doesn't ask for "user
internet", it's like it doesn't know what to do with it.
the version of squid is 3.1.19 by the way.
Please help me with this. I am stuck.
thanks in advance,
Osmany
----- Terminar mensaje reenviado -----