Amos Jeffries-2 wrote > On 17/08/2013 1:09 a.m., cheitac wrote: >> Hello all, Recently I tried many helpers to integrate squid with active >> directory. I have 2 domain controllers in my lab environment two windows >> 7 >> machines and centos 6. I'm interesting what is the best way to use squid >> with active directory? I need to control AD User groups. Thanks. > > The Squid wiki contains what you need: > http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory > > Amos I Used this howto and it's fine. But I use Active directory groups for restrictions. Unfortunately *squid_ldap_group* does not works for me. I add Bellow external access lists in my squid conf but i cannot filter AD Groups. ########## Restrict Accountants external_acl_type Accountant_Ldap %LOGIN /usr/lib64/squid/squid_ldap_group -R -K \ -b "dc=myorg,dc=example,dc=local" \ -D squid@xxxxxxxxxx \ -w /etc/squid/ldappass.txt \ -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=Accountants,ou=Myorg Staff,ou=Administration,dc=myorg,dc=example,dc=local))" \ -h dc02.myorg.example.local ########## Restrict Standard Users ### external_acl_type Standard_Users_Ldap %LOGIN /usr/lib64/squid/squid_ldap_group -R -K \ -b "dc=myorg,dc=example,dc=local" \ -D squid@xxxxxxxxxx \ -w /etc/squid/ldappass.txt \ -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=Standard Users,ou=Myorg Staff,ou=Administration,dc=myorg,dc=example,dc=local))" \ -h dc02.myorg.example.local ####################################### ########## ACL acl auth proxy_auth REQUIRED acl MYAccountants external Accountant_Ldap Accountants acl STUsers external Standard_Users_Ldap Standard\ Users acl allowedlists url_regex -i "/etc/squid/Blacklists/Local/allowedlists.txt" acl blacklists url_regex -i "/etc/squid/Blacklists/Local/blacklists.txt" http_access deny !auth http_access allow STUsers allowedlists http_access deny STUsers all http_access deny MYAccountants blacklists http_access allow all ######################################################## if i use *"http_access allow all"* , all authenticated users use internet without restrictions -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-active-directory-integration-tp4661575p4661867.html Sent from the Squid - Users mailing list archive at Nabble.com.
