I'm trying to use AD LDAP authentication but I have to keep backward
compatibility for computers which are in workgroups.
I'd like permit Internet access according to IP ADDRESS listed in file
'per_ip' (for workgroup PC) and others by AD LDAP authentication (MS domain
PC).
My problem is understanding Squid behaviour where there is AD LDAP
authentication, that is when
Example:
1- acl videosp req_mime_type -i ^application/x-shockwave-flash$
2- acl audiosp rep_mime_type -i ^application/x-mms-framed
3- acl emmepitre url_regex ^http://.*\.mp3
4- acl onlyforip src "/etc/squid/per_ip"
5- acl ldap-auth proxy_auth REQUIRED
6- http_access deny audiosp
7- http_access deny videosp
8- http_access deny emmepitre
9- http_access allow onlyforip
10- http_access allow ldap-auth accesso_esclusivo_ip_pc
11- http_access allow localhost
12- http_access deny all
For precedence of evaluating rules, when I open my browser, what rule does
Squid analyze ?
I think rule 6, but how Squid knows if client have to use LDAP
Authentication or to look at in the file 'onlyforip' to grant Internet
access for IP Address ?
I think Squid first has to look at the rules 9 and 10, so I think there is
priority of rules which is not dependent from rules sequence ?!
I'd like solve my doubt
Received on Mon Nov 22 2010 - 12:00:46 MST
This archive was generated by hypermail 2.2.0 : Mon Nov 22 2010 - 12:00:03 MST