Re: [squid-users] ntlm group acl's
Hi B, it's quite easy to use AD group based ACLs. First of all check if you get all groups right form your AD: $ /usr/sbin/wbinfo_group.pl $ M180D01+y2237 Internet $ OK If you get OK - proceed, else you had to check your samba settings. In squid.conf you had to add the follwoing line: external_acl_type AD_group ttl=3600 children=5 %LOGIN /usr/sbin/wbinfo_group.pl Now you can define AD groups in squid: ie acl Administrator external ADS_Group domain-administrator # Def. Administrator as AD group domain-administrator acl AuthUsers proxy_auth REQUIRED From now on you can define ACL as described by Amos Jeffries. Good luck, Daniel Am Donnerstag, 2. Juli 2009 07:32:36 schrieb Beavis: is it possible for squid to have the option where it can be tailored to apply ACL's based on groups on AD? any help would be awesomely appreciated. regards, -b
[squid-users] ntlm group acl's
is it possible for squid to have the option where it can be tailored to apply ACL's based on groups on AD? any help would be awesomely appreciated. regards, -b -- () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Re: [squid-users] ntlm group acl's
On Wed, 1 Jul 2009 23:32:36 -0600, Beavis pfu...@gmail.com wrote: is it possible for squid to have the option where it can be tailored to apply ACL's based on groups on AD? any help would be awesomely appreciated. regards, -b http://wiki.squid-cache.org/SquidFaq/SquidAcl ACLs are applied left-to-right within each access line. Placing an ACL which matches a specific group left of an ACL which tests something else will cause the second ACL to only be checked if the first ACL matches. ie http_access allow AdminGroup !FakeAdminClones This is one of the ordering techniques I recommend for optimal minimum impact of regex and other slow ACL. Amos
