Hi,
At 15.03 13/11/2006, Roland Schmid wrote:
Hi,
we are using the windows version of squid (squid-2.6.STABLE5-NT-bin)and we
want to control the access to the internet over the Users who are members in
Active Directory (Windows 2000 Domain Controller)
This works with the squid_ldap_auth.exe module of squid.
In the Howto of squid is given one example how to identificate the users of
Windows ADS.
Example:
auth_param basic program c:/squid/sbin/squid_ldap_auth -P -R -b
" DC=ads,DC=local" -D "CN=Squid,CN=Users,DC=ads,DC,local" -w secret -f"
(&(objectClass=Person)(userPrincipalName=%s))"
192.168.1.1:3268
auth_param basic children 6
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
My question is, do I have to add each user of ADS to squid.conf?
How do I for example deny or allow access to internet of special users of
ADS?
On Windows you can also use native Windows helpers for basic, NTLM
and Negotiate (SPNEGO/Kerberos) authentication. See mswin_*_auth.txt
files for documentation.
You can also use an external ACL Windows native helper for
authorization based on AD global groups. See mswin_check_lm_group.txt
files for details.
Regards
Guido
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: [EMAIL PROTECTED]
WWW: http://www.acmeconsulting.it/
