On 26/09/2015 2:22 a.m., Veronica Ovando wrote: > Thank you so much for your answer, Amos. It was really usefull.! > > In addition, I would like to create groups in AD and access policies to > those groups. For example, the group "Blocked" will not access to > internet, "Restricted" will be able to browse some domains, etc. For > that taks, I use the ext_ldap_group_acl in this way: > > auth_param ntlm program /usr/bin/ntlm_auth --diagnostics > --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN > auth_param ntlm children 10 > auth_param ntlm keep_alive on > # > auth_param basic program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-basic > auth_param basic children 50 > auth_param basic realm Squid > auth_param basic credentialsttl 2 hours > # > external_acl_type AD_Grupos ttl=10 children=10 %LOGIN > /usr/lib/squid3/ext_ldap_group_acl -b "dc=domain,dc=com" -d -D > squid@xxxxxxxxxx -W etc/squid3/ldappass.txt -f > "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=SquidGroups,dc=domain,dc=com))" > -h dc@xxxxxxxxxx > > Is this correct? I am newbie with this kind of features. It looks kind of alright. But I'm not very familiar with LDAP syntax. So I may be wrong. You still need the ACL definitions using those helpers and http_access rules defining your access policy though. FWIW: The config examples for authentication, with or without groups, can be found here: <http://wiki.squid-cache.org/ConfigExamples/#Authentication> Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
