I have a client that uses a TS farm as well. If they are using AD and everything is working, you can:
1. Create an AD group called limited-Inet
2. Put the users you want to be restricted in that group
3. Add this to your squid.conf
acl our_networks src 192.168.0.0/16
acl NTLMUsers proxy_auth REQUIRED
.... other rules and policies....
acl ce external ntgroup squid-ce
acl ce_com dstdomain .realinfo.net .icccampus.org .iccsafe.org .realinfo2000.com
http_access allow ce ce_com
http_access deny ce
The users in the AD group squid-ce are allowed to go to the domains listed... denied to everything else. That second to last line...
http_access allow ce ce_com
....is an AND statement. users in the 'ce' group (from the squid-ce AD group) AND in the ce_com list are allowed through. If you have someone in the ce group, but trying to go to a different domain than listed, it will fail.
** We also have a group that gets NO internet... we put users in this group and add this at the very beginning (after the REQUIRED statement)
external_acl_type ntgroup %LOGIN /usr/lib/squid/wbinfo_group.pl
acl NOINTERNET external ntgroup no-internet
Works great for us.. good luck!
----- Original Message ----
From: Amos Jeffries <squid3_at_treenet.co.nz>
To: 9 denis <9denis_at_gmail.com>
Cc: squid-users_at_squid-cache.org
Sent: Thursday, August 13, 2009 9:00:18 AM
Subject: Re: [squid-users] Terminal Server Users
9 denis wrote:
> Hi,
>
> I am pretty new to Squid. I am using Webmin to configure Squid.
>
> We have Microsoft Windows 2003 Terminal Server on which 50 users login
> with their Active Directory ID. I have configured Proxy settings for
> all the users using Internet.
> Now, we want to block certain websites for only some of the users, how
> can I do it?
>
> Thanks in Advance.
>
> Regards,
> Denis
http://wiki.squid-cache.org/SquidFaq
Amos
-- Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
Current Beta Squid 3.1.0.13
Received on Thu Aug 13 2009 - 18:41:42 MDT
This archive was generated by hypermail 2.2.0 : Fri Aug 14 2009 - 12:00:02 MDT