You can use a batch tool that regulary extraxts the user group from your 2000
domain and puts it into a file for use by Squid.
In future you should also be able to write a Win 2000 group helper to the
external_acl framework (see http://devel.squid-cache.org/extenal_acl/).
(Note: external_acl will be in Squid-2.6, or as a patch to Squid-2.5)
Regards
Henrik
Brunner Richard wrote:
> Dear Mailinglist!
>
> I´ve to set up a squid-proxy-server (squid-2.4STABLE6) with authentication
> at a windows 2000 domain.
>
> I have three Groups on the Windows 2000 Domain which should be
> authenticated. This should not be a problem with "smb_auth". I create the
> file "proxyauth" with the content "allow" on the windows 2000 netlogon
> share and give only these three groups access rights.
>
> But my problem is that I want to specify that group1 is only allowed to
> visit http://page1.com, http://page2.com and http://page3.com, but group2
> should be able to surf everywhere in the web with some restrictions
> (sex-sites and so on) and group3 should have access to the internet without
> any restrictions.
>
> In the "squid.conf" I can make a "user access list", eg.: "acl group1
> proxy_auth winuser1 winuser2 winuser3" but in each of these groups are a
> few hundred users and therefore it is not very comfortable to define the
> groups this way. Every time a user gets added/deleted from the windows
> 2000-domain I would have to delete/add this user in the squid.conf as well.
> Is there a possibility to say for example: "acl group1 proxy_auth
> wingroup1" ?
>
> Thank you very much for your help
>
> Richard Brunner
>
> ____________________________________________
>
> Richard Brunner
> Dyna Data Informatik GmbH
> A 6850 Dornbirn/Austria, J.G. Ulmerstrasse 21
>
> tel ++43 - (0)5572 - 90 80 90
> fax ++43 - (0)5572 - 90 80 905
>
> richard.brunner@dynadata.at
> ____________________________________________
-- Basic free Squid support provided thanks to MARA Systems AB Your source of advanced reverse proxy solutions or customized Squid solutions. http://www.marasystems.com/products/Received on Wed May 08 2002 - 04:44:51 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:02 MST