Hey, I can try to test/check this but I am missing the basic Kerberos auth with AD setup. I have a working setup but the transparent authentication is not working for me. Eliezer From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Hideyuki Kawai Hi, this is Kawai. Now, I'm trying to set up squid4.x on centOS, but, have one issue. Please let me send inquiry as followings. ### Requirement ### The squid is required as follows. 1. Kerberos auth with Active Directory : auth_param ..... <- Success 2. "Security group" check which is gotten from AD : external_acl_type ...(using ext_kerberos_ldap_group_acl) <- success 3. Using different outgoing IP based on "Security group" : tcp_outgoing_address + external_acl <- fail (can not work) === sample configuration which I tested. (but, it did not work…) === external_acl_type kerberos_ldap_group1 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl −g GROUP1 external_acl_type kerberos_ldap_group2 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl −g GROUP2 acl group1 external kerberos_ldap_group1 acl group2 external kerberos_ldap_group2 tcp_outgoing_address 10.1.0.1 group1 tcp_outgoing_address 10.1.0.2 group2 ### Inquiry ### Based on the web site, “tcp_outgoing_address” is NOT support "external_acl". Because the external_acl type is slow. In this case, how to configure the squid.conf to satisfy my requirement? Please let me inform your comment and knowledge. Thanks in advance. ------------------------------------- ------------------------------------- |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
