Hello List,

I'm a newb to squid and this list, I need a little help. I have squid/2.5.STABLE7-NT installed on a W2K server with the latest patches.

The goal is to have multiple groups with different levels of internet access for each group. Also let everyone have full internet access during lunch 12-1pm. Last but not least, use active directory authentication.

I am able to add windows authentication for my proxy. I created a local group called ProxyUsers on the w2k server; that group consists of the domain group called RestrictedUsers. More groups will be created later (AccountingRestricted, SalesRestricted, Unrestricted, etc.). For now I'm using one group (for testing). If employees are not in that domain group (RestrictedUsers) they do not have internet access, and if they are, a login box appears. So I know this works with the active directory authentication.

This is where I'm stuck. We will need to have multiple groups that need more access than others, which will require multiple access lists, I know. I guess my question is how do you associate certain access-lists for certain groups with authentication.

I included my squid.conf to give you a basic idea of what I have. I know it's not the cleanest but it's working so far :) If anyone has a link or advice, please let me know. Sorry if this is such a newb question.

Thank you,
James

# http_port takes address:port as a single token
http_port 192.168.0.135:8080
cache_mem 2 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 250 KB
cache_dir ufs C:/squid/var/cache 100 16 256
cache_access_log C:/squid/var/logs/access.log
cache_log C:/squid/var/logs/cache.log
cache_store_log C:/squid/var/logs/store.log
emulate_httpd_log on
log_ip_on_direct on
mime_table C:/squid/etc/mime.conf
log_fqdn on
client_netmask 255.255.255.255
unlinkd_program c:/squid/libexec/unlinkd.exe
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
auth_param ntlm program c:/squid/libexec/win32_ntlm_auth.exe -A ProxyUsers
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate on
acl restrictedaccess dstdomain .edu
acl restrictedaccess dstdomain .gov
acl restrictedaccess dstdomain .il.us
acl restrictedaccess dstdomain .mil
acl restrictedaccess dstdomain .windowsupdate.com
# ***really long list but you get the idea
acl all src 0.0.0.0/0.0.0.0
acl password proxy_auth REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443
acl USI src 192.168.0.0/24
# Squid day codes: T is Tuesday, H is Thursday
acl lunchtime time MTWHF 12:00-13:00
http_access allow manager localhost
http_access allow password restrictedaccess
http_access allow USI lunchtime
http_access deny to_localhost
http_access deny !Safe_ports
http_access deny all
cache_mgr [EMAIL PROTECTED]
cache_effective_user nobody
unique_hostname squidproxy 192.168.0.10
announce_period 1 day
icon_directory C:\squid\share\icons
error_directory C:\squid\share\errors\English
coredump_dir c:/squid/var/cache
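
An added example, not part of the original post: a small Python model of how Squid walks the posted http_access lines (ACLs on one line are ANDed, the first matching line decides), run over constructed requests that are assumed to have already passed NTLM authentication. The `decide` and `request` helpers, the sample hosts and addresses, and the `REORDERED` rule list are illustrative assumptions, not Squid code.

```python
from ipaddress import ip_address, ip_network

# ACLs from the posted squid.conf; only the visible part of the dstdomain list.
RESTRICTED = (".edu", ".gov", ".il.us", ".mil", ".windowsupdate.com")
ACLS = {
    "manager": lambda r: r["proto"] == "cache_object",
    "localhost": lambda r: ip_address(r["src"]) == ip_address("127.0.0.1"),
    "password": lambda r: r["authed"],  # assumption: NTLM login already succeeded
    "restrictedaccess": lambda r: any(
        r["host"] == d[1:] or r["host"].endswith(d) for d in RESTRICTED),
    "USI": lambda r: ip_address(r["src"]) in ip_network("192.168.0.0/24"),
    "lunchtime": lambda r: r["day"] in "MTWHF" and 1200 <= r["hhmm"] <= 1300,
    "to_localhost": lambda r: ip_address(r["dst"]) in ip_network("127.0.0.0/8"),
    "Safe_ports": lambda r: r["port"] in (80, 21, 443),
    "all": lambda r: True,
}
# http_access lines in the order they appear in the post.
POSTED = [("allow", "manager localhost"), ("allow", "password restrictedaccess"),
          ("allow", "USI lunchtime"), ("deny", "to_localhost"),
          ("deny", "!Safe_ports"), ("deny", "all")]
# Hypothetical variant: same lines, the two generic denies moved above the allows.
REORDERED = [POSTED[0], POSTED[3], POSTED[4], POSTED[1], POSTED[2], POSTED[5]]

def decide(req, rules):
    """Return (action, rule_number) of the first line whose ACLs all match."""
    for number, (action, acls) in enumerate(rules, 1):
        if all(ACLS[a.lstrip("!")](req) != a.startswith("!") for a in acls.split()):
            return action, number
    return "deny", None  # not reached here: both lists end in "deny all"

def request(**overrides):
    # Constructed sample request: authenticated LAN client, Wednesday 10:00.
    base = dict(proto="http", src="192.168.0.50", authed=True,
                host="www.example.edu", dst="203.0.113.10", port=80,
                day="W", hhmm=1000)
    return {**base, **overrides}

SAMPLES = {
    "edu_http": request(),
    "edu_odd_port": request(port=8081),
    "lunch_port_25": request(host="mail.example.com", port=25, hhmm=1230),
    "off_list": request(host="www.example.com"),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:14} posted={decide(req, POSTED)} reordered={decide(req, REORDERED)}")
```

In the posted order both allow lines are checked before `http_access deny !Safe_ports`, so the port restriction only reaches requests that neither allow line matched.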
