> This allows my un-authenticated users access to the whitelisted domains and > blocks any links in the sites that are not whitelisted(like facebook and > youtube). It also allows my authenticated users access to all sites, > including whitelisted sites, as well as allowing linked sites like facebook > etc. > > Do you perhaps see any issue with this setup?
> The only problem I forsee is that srcdomain is the clients IP rDNS record. > You have to encode into that what group they are in, so its restricted to > clients you > have control over rDNS for. In which case you may as well make > them static and use src IP checks. >Amos Hi Amos I want to change my setup to do authentication for everyone, and based on whether the user is in a specific group or not, allow them access to certain ACL's. I have a group in AD that should have full access. All users should authenticate. If the user is not in my Internet group then he gets to access a list of sites. If the user is in the Internet group he gets a different ACL to access everything. Is this possible with NTLM? I don't think it is. How would I approach this?
