On Tue, Nov 27, 2007, shacky wrote: > > If you set the authentication scheme to use only ntlm and set the rule > > to allow only traffic that matches that acl. > > Yes, but I don't want the user not to be allowed to surf the Internet > from a computer that isn't connected to the Active Directory domain. > For example, I don't want the user to use their laptops even if they > insert their user and password in the proxy authentication. >
The question then is "how can a computer authenticate another computer?" Squid doesn't care (at the moment); its just passed credentials. Normally you'd actually prevent an entire computer from connecting to the network. Enterprises do this via a variety of means, including stuff like 802.1x. Drop them in a seperate VLAN if you don't recognise the computer and disallow that VLAN access to the proxy (and other resources.) Adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
