Hello
My environment: Ubuntu 8.04 LTS, Squid 2.6.18, Samba 3.0.28a
I am looking to find a way to check with an acl if a user is member of a specific ad-group. On my Squid Proxy Server, I have successfully set up an SSO authentication with the active directory.
This works fine. Among other things:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="Domäne\\AD-GroupeA"
Now I start with the definition of the acl's. At first I would like to make a badUrls list which is valid for all users to block some sites. This list should not be applied to a group of personal computers (host) and/or a specific AD group.
Here is my approach:
acl auth proxy_auth REQUIRED
acl badurls url_regex "/data/squid/badurls.txt"
acl AllowedClients srcdom_regex -i "/data/squid/allowed_clients.txt"
acl AllowedGroups proxy_auth -i Domäne/AD-GroupeB
http_access allow auth AllowedClients
http_access allow auth AllowedGroups
http_access deny badurls
http_access allow auth
http_access deny all
The acl with the badurls list and the acl for the AllowedClients are working fine. But with the acl acl AllowedGroups proxy_auth -i Domäne/AD-GruppeB I have great problems. I don't know how I can make an acl who check the membership from an AD-Groupe.
I tested many different types of spelling. Unfortunately without success. How can I make an acl using ntlm_auth authentication? Is there a better and easier way to do this?
Thank you for your suggestions.
Kind regards.
Weihnachts-Shopping online: auf Nummer sicher gehen und mit dem MSN Internet Explorer 8 sicher surfen, jetzt kostenlos herunterladen!
_________________________________________________________________
Ski-Weltcup: Alle Rennen, alle Resultate und News auf MSN Sport
http://sport.ch.msn.com/skialpin/
Received on Wed Dec 02 2009 - 14:15:24 MST
This archive was generated by hypermail 2.2.0 : Thu Dec 03 2009 - 12:00:01 MST