On 4/04/2012 9:12 p.m., Jasper Van Der Westhuizen wrote:
This allows my un-authenticated users access to the whitelisted domains and
blocks any links in the sites that are not whitelisted(like facebook and
youtube). It also allows my authenticated users access to all sites, including
whitelisted sites, as well as allowing linked sites like facebook etc.
Do you perhaps see any issue with this setup?
The only problem I forsee is that srcdomain is the clients IP rDNS record. You
have to encode into that what group they are in, so its restricted to clients
you> have control over rDNS for. In which case you may as well make them
static and use src IP checks.
Amos
Hi Amos
I want to change my setup to do authentication for everyone, and based on
whether the user is in a specific group or not, allow them access to certain
ACL's.
I have a group in AD that should have full access. All users should
authenticate. If the user is not in my Internet group then he gets to access a
list of sites. If the user is in the Internet group he gets a different ACL to
access everything.
Is this possible with NTLM? I don't think it is. How would I approach this?
Like so http://wiki.squid-cache.org/ConfigExamples#Authentication
Amos