Awesome! Thanks for the general direction pointing. =) One more question before I dive into researching LDAP. I have seen it mentioned in other posts here, but what exactly are the nightly snapshots? Is it a development release or something? I didn't really see anything about it when I was going through the documentation I could find on it, and figure I might as well inquire about it.

Thanks again for getting me pointed in the right direction!

Regards,

Scott Wrosch
desk 248.333.7700 x227
email [EMAIL PROTECTED]

> -----Original Message-----
> From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
> Sent: Monday, February 24, 2003 4:04 PM
> To: Scott Wrosch
> Cc: [EMAIL PROTECTED]
> Subject: Re: [squid-users] Restricting Authenticated Users
>
> Piece of cake ;-)
>
> If your domain is an AD domain then I would recommend ditching msntauth
> and go for LDAP instead, or if you prefer using Windows NT domain
> technology to use winbind integration via Samba (see the Squid FAQ for
> details).
>
> Squid-2.5 has well evolved support for group based acl controls using
> various types of backend user databases such as Windows NT Domain, LDAP
> (including MSAD and most more/less standard LDAP directories) and many
> others with simple scripting.
>
>
> For instructions on how to set up Samba/winbind for Squid see the Squid
> FAQ.
>
> For instructions on how to set up LDAP authentication see the LDAP
> authentication and group tools shipped with current Squid-2.5 nightly
> snapshots (what will become 2.5.STABLE2 in a not too distant future).
> There are also several posts in the squid-users archives for the last few
> months discussing the same topic.
>
>
> If using LDAP then I strongly recommend experimenting a little with
> ldapsearch to get familiar with the LDAP structure of MS AD before looking
> into the details of how to configure the Squid LDAP authentication/group
> integration. The Squid LDAP tools are generic LDAP tools and some of the
> parameters to these can only be understood if there is some
> understanding of the MS ActiveDirectory LDAP structure.
>
> Regards
> Henrik
>
>
> Scott Wrosch wrote:
>
> > What we have is a proxy that is set up to authenticate to the Windows
> > 2000 domain using msntauth. That works fabulously.
> >
> > What my original plan to do was to set it up so that the domains that
> > the customer service people need access to, they could get to it
> > unrestricted. Then, they would have to be authenticated in order to
> > access anything beyond that. And, using msntauth, they wouldn't be
> > allowed to.
> >
> > However, I have had a monkey wrench thrown into those plans, which would
> > have been simple and worked well. What now needs to be done is each
> > user needs to be put into specific groups. Those specific groups then
> > have varying access needs to specific sites. This could then entail
> > multiple users being in multiple groups. It's a huge monkey wrench
> > because we have 30+ customer service people, most of them would be
> > required to be in different groups.
> >
> > Now, with that being said, I know ACLs would definitely be involved.
> > But, what I'm wondering is if there is any simple way to do this. I
> > live by KISS (Keep It Simple, Stupid), and to me, things just got
> > extraordinarily un-simple. So, I'm looking for any hints, tips,
> > suggestions, advice, etc etc etc...
> >
> > This isn't something that I'm particularly thrilled about, but I don't
> > make the decisions. I've been going through the squid.conf file trying
> > to figure out possible ways of doing this, but nothing is just coming
> > out, slapping me in the face, and saying this is the way to do it!
> >
> > Thanks in advance for any assistance anyone can offer!
> >
> > Regards,
> >
> > Scott Wrosch
> > desk 248.333.7700 x227
> > email [EMAIL PROTECTED]
> >
> > "Our greatest glory is not in never falling
> > but in rising every time we fall." -- Confucius
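
The group-based setup discussed in this thread, sketched as a squid.conf fragment. This is an added example, not part of the original messages and not taken from the Squid distribution. The helper install path, host name, DNs, group names, site names and bind password are placeholders, and the filter placeholders (%s, %v, %a) are an assumption to check against the documentation of the helpers shipped with your Squid version.

```conf
# Added example; every name, DN and path below is a placeholder.

# Basic authentication against Active Directory over LDAP.
# AD normally refuses anonymous searches, so the helper binds with a
# dedicated low-privilege account (-D / -w). The password sits in this
# file in clear text, so keep squid.conf readable only by the Squid user.
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -R -b "dc=example,dc=com" -D "cn=squidbind,cn=Users,dc=example,dc=com" -w "BIND_PASSWORD_PLACEHOLDER" -f "sAMAccountName=%s" -h dc1.example.com
auth_param basic children 5
auth_param basic realm Customer service proxy
auth_param basic credentialsttl 2 hours

# Group lookup helper. AD lists a user's groups in the memberOf
# attribute of the user entry, which is why the filter matches on it.
# Assumed placeholders: %v = login name, %a = group name from the acl line.
external_acl_type ad_group %LOGIN /usr/local/squid/libexec/squid_ldap_group -R -b "dc=example,dc=com" -D "cn=squidbind,cn=Users,dc=example,dc=com" -w "BIND_PASSWORD_PLACEHOLDER" -f "(&(objectClass=person)(sAMAccountName=%v)(memberOf=cn=%a,ou=Groups,dc=example,dc=com))" -h dc1.example.com

# Sites every customer service user may reach without logging in.
acl cs_open dstdomain .open.example.org

# One destination list and one AD group per access profile.
acl billing_sites  dstdomain .billing.example.net
acl shipping_sites dstdomain .shipping.example.net
acl billing_grp    external ad_group ProxyBilling
acl shipping_grp   external ad_group ProxyShipping

# Unrestricted sites first, so no login prompt appears for them.
http_access allow cs_open

# The destination ACL is listed before the group ACL, so the login
# prompt and the LDAP lookup happen only for requests to those sites.
# A user who is a member of several groups matches each relevant rule.
http_access allow billing_sites  billing_grp
http_access allow shipping_sites shipping_grp

# Everything else is refused, authenticated or not.
http_access deny all
```

Running ldapsearch against one user entry first, as recommended in the thread, shows the exact memberOf values the group filter has to match.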
