Hi. Thanks. With "take" a mean... to control which group a user belongs. So I can apply acl, etc to that groups. Like this in ldap # Active Directory auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b "cn=Users,dc=example,dc=lan" -D squid@xxxxxxxxxxx -w 123456 -f sAMAccountName=%s -v 3 -s sub -h 192.168.1.109 auth_param basic children 10 auth_param basic realm SQUID auth_param basic credentialsttl 2 hour external_acl_type grupos ttl=360 %LOGIN /usr/lib64/squid/ext_ldap_group_acl -d -R -b "dc=example,dc=lan" -D squid@xxxxxxxxxxx -w 123456 -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=grupos,dc=example,dc=lan))" -h 192.168.1.109 acl ifull external grupos ifull acl icontrol external grupos icontrol But, in this way the web browser ask for user... and i want automatically take the user that is logging on PC. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/SSO-ldap-kerberos-tp4679470p4679484.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
