I am trying to get a squid proxy setup where the parent cache used will
differ by the NTLM group membership. I have the NTLM auths working
fine, and they will deny access based on group membership. However, when I try to
set up the different caches, the ACL seems to not respond. They are
actually the same parent cache, just with different upstream accounts. So
I have

    proxy1 - General Use Proxy
    proxy2 - Slightly less restrictive proxy
    group1 - General use AD group
    group2 - Less Restrictive AD group

using

    cache_peer_access proxy2 allow group2

never kicks any requests to proxy2. If I comment out proxy1, I get a
"Failed to Select Source" error in the cache.log. I know that the AD
group checking is working because if I do

    http_access deny !group2

any user in group1 will get a "user needs to auth" type message in their
browser, and disabling that line lets them get to the site.
Am I doing this incorrectly? I read somewhere that using the
cache_peer_access with an external_acl (the AD groups) is not ideal and
will occasionally return the incorrect parent, but I can't find any other
way to do this.
Any thoughts and suggestions would be greatly appreciated. Thanks,
Andrew
Received on Fri Nov 16 2007 - 11:50:55 MST