Hello
My environment: Ubuntu 8.04 LTS, Squid 2.6.18, Samba 3.0.28a
I am looking to find a way to check with an acl if a user is member of a
specific ad-group. On my Squid Proxy Server, I have successfully set up an SSO
authentication with the active directory.
This works fine. Among other things:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
--require-membership-of="Domäne\\AD-GroupeA"
Now I start with the definition of the acl's. At first I would like to make a
badUrls list which is valid for all users to block some sites. This list should
not be applied to a group of personal computers (host) and/or a specific AD
group.
Here is my approach:
acl auth proxy_auth REQUIRED
acl badurls url_regex "/data/squid/badurls.txt"
acl AllowedClients srcdom_regex -i "/data/squid/allowed_clients.txt"
acl AllowedGroups proxy_auth -i Domäne/AD-GroupeB
http_access allow auth AllowedClients
http_access allow auth AllowedGroups
http_access deny badurls
http_access allow auth
http_access deny all
The acl with the badurls list and the acl for the AllowedClients are working
fine. But with the acl acl AllowedGroups proxy_auth -i Domäne/AD-GruppeB I have
great problems. I don't know how I can make an acl who check the membership
from an AD-Groupe.
I tested many different types of spelling. Unfortunately without success. How
can I make an acl using ntlm_auth authentication? Is there a better and easier
way to do this?
Thank you for your suggestions.
Kind regards.
Weihnachts-Shopping online: auf Nummer sicher gehen und mit dem MSN Internet
Explorer 8 sicher surfen, jetzt kostenlos herunterladen!
_________________________________________________________________
Ski-Weltcup: Alle Rennen, alle Resultate und News auf MSN Sport
http://sport.ch.msn.com/skialpin/
