I do that on my Squid set up. Here's some pertinent cutouts from my squid.conf (I use wb_ntlmauth, btw):
acl IM dstdomain .oscar.aol.com .msg.yahoo.com acl CallCenter proxy_auth "/usr/local/squid/etc/CallCenter" acl Restricted dstdomain .dealerconnection.com .marketingassociates.com .fordfinancial.com .fmcdealer.com .fordcollegegrad.com acl Noelle proxy_auth "/usr/local/squid/etc/Noelle" acl NoelleRestricted dstdomain .google.com .thedirectory.org .mmiworld.com .switchboard.com .usps.com acl InternetDesks proxy_auth "/usr/local/squid/etc/InternetDesks" http_access deny CallCenter IM http_access allow manager localhost http_access allow CallCenter Restricted http_access allow Noelle NoelleRestricted http_access allow InternetDesks http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all The ACL IM is used for restricting the CallCenter group from using IM programs. Not perfect, but no one there is smart enough to foil it. The ACL CallCenter is the listing of the CallCenter user accounts. The Restricted ACL specifies the domains that the CallCenter people are allowed to access. Noelle is a special extension of Restricted ACL. And finally, InternetDesks are the users who are allowed access. Everything else is denied. It's not perfect, but it should give you some idea. -----Original Message----- From: glen hyland [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 03, 2003 12:08 PM To: [EMAIL PROTECTED] Subject: [squid-users] ntlm authentification and groups Is there a way to make a group that is allowed internet access and everyone else is disallowed? I would like to create a group on our client nt/2000 servers, just for internet access, but block all who are not in that group. I have squid and nt authentification working right now, but it doesnt block anyone who is a domain user. Are there scripts or is it just a simple ACL entry? I checked th FAQ, and also the mailing list I didnt find anything. Thanks, Glen __________________________________ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com
