On 14/09/2016 3:34 a.m., erdosain9 wrote: > Hi. > Thanks. > With "take" a mean... to control which group a user belongs. So I can apply > acl, etc to that groups. > > Like this in ldap > > # Active Directory > auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b > "cn=Users,dc=example,dc=lan" -D squid@xxxxxxxxxxx -w 123456 -f > sAMAccountName=%s -v 3 -s sub -h 192.168.1.109 > auth_param basic children 10 > auth_param basic realm SQUID > auth_param basic credentialsttl 2 hour > > external_acl_type grupos ttl=360 %LOGIN /usr/lib64/squid/ext_ldap_group_acl > -d -R -b "dc=example,dc=lan" -D squid@xxxxxxxxxxx -w 123456 -f > "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=grupos,dc=example,dc=lan))" > -h 192.168.1.109 > > > acl ifull external grupos ifull > acl icontrol external grupos icontrol > > But, in this way the web browser ask for user... and i want automatically > take the user that is logging on PC. That is a problem between the browser and the OS. Squid and its helpers only verify what the browser sends them. There is nothing Squid can do except offering various authentication schemes in the hope that the browser can get one of those schemes credentials from the OS. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
