Hi, community. I need to understand why this rules are not working. My squid is working with AD authentication. I need to allow the group *AD_informatico* to visit facebook only during *maniana_ocio* and *tarde_ocio* and have full access to the web. They are not working. *AD_informatico* can visit facebook without problems. I tryed something like this: *http_access deny !maniana_ocio facebook AD_informatico*, it denies the access but the browser shows a pop-up to login when someone visits facebook or other site that tries to connect to facebook. So, what happens? Here is my squid.conf (a part of it): #################################################### #*******************HELPERS para Active Directory**************************# #################################################### auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --DOMAIN=DOMAIN auth_param ntlm children 30 auth_param ntlm keep_alive off auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Servidor proxy-cache de la DPR auth_param basic credentialsttl 2 hours #---------------------------ACL Active Directory------------------------# external_acl_type Grupos_AD ttl=10 children=10 %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl -d acl AD_informatico external Grupos_AD informatico #--------------------Horarios de acceso --------------------------------# acl maniana_ocio time MTWHF 07:00-07:59 acl tarde_ocio time MTWHF 13:00-13:59 #-----------------------Listado de paginas------------------------------# acl facebook_m url_regex -i "/etc/squid3/ACLs/pagFacebook" acl facebook_t url_regex -i "/etc/squid3/ACLs/pagFacebook" #################################################### #*****************************Reglas***************************************# #################################################### acl auth proxy_auth REQUIRED http_access deny !auth http_access deny after_hours all #-----------------------------Grupo *informatico*----------------------------# http_access allow maniana_ocio facebook_m AD_informatico http_access allow tarde_ocio facebook_t AD_informatico http_access allow AD_informatico http_access deny all One more question: when a I move a user from a group to another in Active Directory, how much time does squid need to know about that change? Thanks and sorry for my english. |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users