Actually, most of the heavy lifting will need to be done with squid's
ad-authenticator. There are a number of howto's for doing this online,
but I'm afraid I don't have one handy right now. Get squid
authenticating to your AD system, then you simply need to configure
squidguard to filter based on those groups.
In a hypothetical example, if you have AD groups for Students, Teachers,
Administrators and IT staff, you would want to ensure that everyone is
contacting squid on the authenticated port, not being transparently
proxied through squid. The browser would then send the AD credentials
to squid upon connection and squid would confirm the credentials against
your AD server. Then all HTTP requests would be passed to squidguard as
coming from someone within say the Students group and would be filtered
according to your squidGuard ACLs for that group.
Disclaimer: All of this works with off-the-shelf squid+squidguard, I do
not know how much of this can be done specifically with the
squid+squidguard package in pfSense. Most of the GUI stuff is there,
but I don't know how much of the underlying code is there or works.
This would be an excellent bounty project for some people to embark upon
since URL filtering seems to be something that everyone and their second
cousin wants to see in the pfSense squid package.
-Gary
Curtis LaMasters wrote:
Do you happen to have a config that I can look at to do this or should
I start looking at Squidguard's page?
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Wed, Jan 20, 2010 at 11:08 AM, Gary Buckmaster <[email protected]> wrote:
Its possible to do with Squid and SquidGuard, and while some of the widgets
exist in the package GUI, I don't think they actually do anything.
Curtis LaMasters wrote:
Is there a way that I am just not seeing to authenticate users based
on their AD group (Users, Admins, Executives, etc) with Squid or
Squidguard. I would need to apply different policies to each group.
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
