Dear Sir/Madam,
I've tried to activate LDAP authentication for Squid.
Users have to authenticate, but it doesn't matter if they are in one of
the two groups you have to be a member of.
Then when a user with restrictions opens a link like schoolbank.nl for
instance they get a login screen that doesn't disappear anymore.
A user without restrictions can open the link without any problem.
Can you give me a clue?
Regards Jeroen Ruijter
Active Directory Windows 2003
Domain.local
- Proxy
- InternetAccessGroup
- InternetAccessGroupRestricted
----------------------------------------------------------------
Squid.conf (version 3.0 installed on SuSE 11.2)
auth_param basic program /usr/sbin/squid_ldap_auth -v 3 -R -b
"dc=domain,dc=local" -D "cn=ldapuser,cn=users,dc=domain,dc=local" -w
"xxxxx" -f sAMAccountName=%s -h x.x.x.x
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
external_acl_type InetGroup %LOGIN /usr/sbin/squid_ldap_group -v 3 -R -b
"dc=domain,dc=local" -D "cn=ldapuser,cn=users,dc=domain,dc=local" -w
"xxxxx" -f "(&(objectclass=person) (sAMAccountName=%v)
(memberof=cn=%a,ou=proxy,dc=domain,dc=local))" -h x.x.x.x
acl users proxy_auth REQUIRED
acl InetAccess external InetGroup InternetAccessGroup
acl InetAccessRestricted external InetGroup
InternetAccessGroupRestricted
acl schoolbank.nl url_regex schoolbank.nl
acl users proxy_auth REQUIRED
http_access deny schoolbank.nl !InetAccess
http_access allow localnet users
Received on Thu Dec 03 2009 - 15:47:31 MST
This archive was generated by hypermail 2.2.0 : Fri Dec 04 2009 - 12:00:01 MST