On 23/12/13 21:34, Javed Iqbal wrote:
I am using transparent proxy as middle in the man. I want to integrate
squid with active directory, and then want to make acl of group of
users. Users wil be aded into active directory. Is this possible in
latest squid.
You should have basic acls that you do allow to everyone and ontop of
that allow only to authenticated users.
For example: yahoo.com (news section) will be allowed to all while
google.com will be allowed only to authenticated users.
Build your logic since the only way to use users is by strict
configuration in the browser or applying these using Active Directory
policies.
It can be very simple to just apply a rule that will force the users
computers to use a proxy while not allowing any direct access to the
Internet based on simple FW rules.
If someone complains that something is not working for him it's very
nice but he now knows the policy of the company that do no allow direct
access to the Internet.
You can test the policies on a test lab and see if it fits you or not.
The combination of AD should be implemented with kerberos.
All The Bests,
Eliezer