I have a remote office with five employees who use a linux box to connect to
the internet. The workstations are win2k (and no, I can't change that.
Some of our software only works on MS, I'm working on it) I need to set it
up so that four of the users are only allowed to go to sites on a small
list, while the manager can go anywhere. I'm using SQUID as the proxy
component, so I've done some reading and here's what I've come up with:
I created a directory called controls
I created a file called collectors_group in the controls directory which
holds the login names of members of this group, as a test case I'm using the
root account.
I created a file called collectors_sites in the controls directory which has
a list of url regexes where they are allowed to go, as a test case I have
blackborder\.com as the only entry.
I edited the squid.conf file to add the following lines:
authenticate_program /usr/lib/squid/ncsa_auth /etc/shadow
acl collectors_group proxy_auth REQUIRED
"/var/ipcop/proxy/controls/collectors_group"
acl collectors_sites url_regex "/var/ipcop/proxy/controls/collectors_sites"
http_access allow collectors_sites collectors_group
http_access deny collectors_group
I made sure to put all of that BEFORE any other http_access rules. As far
as I can tell it doesn't seem to be working, anyone have an idea of what's
going on? This is mostly a test case, what I really want to do is set it up
so that squid will authenticate vs. Active Directory on my win2k server
which I've read that you're supposed be able to do with winbind, has anyone
seen a good howto on how to accomplish this?
Chris Berry
compjma@hotmail.com
Systems Administrator
JM Associates
"Within every man beats a heart of darkness." --The Shadow
_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=features/junkmail
Received on Tue Jun 17 2003 - 12:39:38 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:24 MST