On 15.09.10 12:59, Manoj Rajkarnikar wrote:
> Thanks for the quick response Marcus.
>
> The reason I need to limit computer account and not user account is
> that people here move out to distant branches and the internet access
> policy is to allow to the position they hold, and thus the computer
> they will use.
I somehow don't understand this. Maybe it's my English.
Do you need to control access for the user+computer combination?
> I've successfully set up the Kerberos authentication but I don't see
> how squid will fetch the computer information from client request and
> authorize it based on the group membership in AD. What I wish to
> accomplish is:
>
> 1. create a security group in AD
> 2. add computer accounts to this security group
> 3. squid checks if the computer trying to access internet is member of
> this security group.
> 4. if not, don't allow access to internet or request of AD user login
> that is allowed.
It seems that you want to allow access from some computers to the net, no
matter which user is logged in. Why not use ip-based or maybe
hardware_address-based authentication then?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Quantum mechanics: The dreams stuff is made of.

Received on Tue Sep 21 2010 - 11:32:54 MDT