Re: Res: RE: [squid-users] --> Simple question about authentication

2003-07-08 Thread Henrik Nordstrom
tis 2003-07-08 klockan 14.43 skrev Alex Carlos Braga Antão:
> Thanks, Adam,
> The problem with external_acls is that I also use NTLM auth, and
> external_acl is good if I have just one auth scheme.

external_acl_type does not care how many auth schemes you have, and
several of the helpers handle both domain\user and user as login name if
asked to.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.

If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]



Res: RE: [squid-users] --> Simple question about authentication

2003-07-08 Thread Alex Carlos Braga Antão
Thanks, Adam,
The problem with external_acls is that I also use NTLM auth, and
external_acl is good if I have just one auth scheme. My squid firt
authenticate by NTLM and if the browser does not accepts NTLM (everything
else but IE), it authenticates with BASIC by LDAP. 
For the group I can easly make a filter to ldap_auth to return just
users for a specific group. I already have this filter here...
Thanks... 
Alex C. B. Antão
Analista de Sistemas e Suporte
ICQ: 5144629http://motoviagens.pagina.de
http://e-modelismo.pagina.de
 
 
Um "bom" pouso é aquele do qual você sai caminhando. Um "ótimo" pouso é
aquele depois do qual você pode usar o avião novamente.
---Mensagem original---
 
De: Adam Aube
Data: terça-feira, 08 de julho de 2003 09:31:05
Para: [EMAIL PROTECTED]
Assunto: RE: [squid-users] --> Simple question about authentication
 
> If I change the FULANOS acl to
> acl FULANOS proxy_auth REQUIRED
> What will gonna happen ? Squid will allow access to anyone it can
> authenticate by LDAP ? regardless of my user list on SQUID?
 
Correct. REQUIRED will match any user Squid can successfully authenticate.
 
There is an external_acl LDAP group helper - you could use that to verify
that
your LDAP users are members of a specific group, and base authentication on
that.
 
I've never used the group helpers, so I can't give you any configuration
info, but
you should be able to find it easily on the list archive (search for "LDAP
auth").
 
Adam
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001
.