Search squid archive

Re: Squid with AD - missing libraries

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 26/09/2015 2:22 a.m., Veronica Ovando wrote:
> Thank you so much for your answer, Amos. It was really usefull.!
> 
> In addition, I would like to create groups in AD and access policies to
> those groups. For example, the group "Blocked" will not access to
> internet, "Restricted" will be able to browse some domains, etc. For
> that taks, I use the ext_ldap_group_acl in this way:
> 
> auth_param ntlm program /usr/bin/ntlm_auth --diagnostics
> --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN
> auth_param ntlm children 10
> auth_param ntlm keep_alive on
> #
> auth_param basic program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 50
> auth_param basic realm Squid
> auth_param basic credentialsttl 2 hours
> #
> external_acl_type AD_Grupos ttl=10 children=10 %LOGIN
> /usr/lib/squid3/ext_ldap_group_acl -b "dc=domain,dc=com" -d -D
> squid@xxxxxxxxxx -W etc/squid3/ldappass.txt -f
> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=SquidGroups,dc=domain,dc=com))"
> -h dc@xxxxxxxxxx
> 
> Is this correct? I am newbie with this kind of features.

It looks kind of alright. But I'm not very familiar with LDAP syntax. So
I may be wrong.

You still need the ACL definitions using those helpers and http_access
rules defining your access policy though.


FWIW: The config examples for authentication, with or without groups,
can be found here:
<http://wiki.squid-cache.org/ConfigExamples/#Authentication>

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux