On tor, 2008-08-21 at 07:24 -0700, nairb rotsak wrote:
> Just to clarify, to use wbinfo_group.pl, I need to:
> 1. Add Domain Local group to Active Directory called Internet-Allowed (name not important)
Yes, unless you already have a suidable group.
> 2. Add 'external_acl_type ADS %LOGIN /usr/lib/squid/wbinfo_group.pl' to squid.conf
Yes.
> 3. Add 'aclInternet-Allowed external ADS Internet-Allowed' to squid.conf
Yes.
> 4. Add 'http_access allow Internet-Allowed all'
The use of all is redundant above, but does not make much harm.. the
Internet-Allowed acl alone is sufficient.
> Second
> question.. does this mean anyone not in this group will not have
> Internet.. or do I have to do a deny acl/http_access combo?
Depends on your following http_access rules. Any user not member of the
group won't match this http_access line.
Regards
Henrik
This archive was generated by hypermail 2.2.0 : Tue Aug 26 2008 - 12:00:04 MDT