Amos Jeffries-2 wrote
> On 17/08/2013 1:09 a.m., cheitac wrote:
>> Hello all, Recently I tried many helpers to integrate squid with active
>> directory. I have 2 domain controllers in my lab environment, two Windows 7
>> machines and CentOS 6. I'm interested in what is the best way to use squid
>> with active directory? I need to control AD User groups. Thanks.
> 
> The Squid wiki contains what you need:
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
> 
> Amos


I used this howto and it's fine. But I use Active Directory groups for
restrictions. Unfortunately *squid_ldap_group* does not work for me.


I added the external access lists below to my squid conf, but I cannot filter AD
groups.


########## Restrict Accountants
external_acl_type Accountant_Ldap %LOGIN /usr/lib64/squid/squid_ldap_group -R -K \
        -b "dc=myorg,dc=example,dc=local" \
        -D sq...@mcg.com.ge \
        -w /etc/squid/ldappass.txt \
        -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=Accountants,ou=Myorg Staff,ou=Administration,dc=myorg,dc=example,dc=local))" \
        -h dc02.myorg.example.local
########## Restrict Standard Users ###
external_acl_type Standard_Users_Ldap %LOGIN /usr/lib64/squid/squid_ldap_group -R -K \
        -b "dc=myorg,dc=example,dc=local" \
        -D sq...@mcg.com.ge \
        -w /etc/squid/ldappass.txt \
        -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=Standard Users,ou=Myorg Staff,ou=Administration,dc=myorg,dc=example,dc=local))" \
        -h dc02.myorg.example.local
#######################################
########## ACL

acl auth proxy_auth REQUIRED

acl MYAccountants external Accountant_Ldap Accountants
acl STUsers external Standard_Users_Ldap Standard\ Users

acl allowedlists url_regex -i "/etc/squid/Blacklists/Local/allowedlists.txt"
acl blacklists url_regex -i "/etc/squid/Blacklists/Local/blacklists.txt"


http_access deny !auth

http_access allow STUsers allowedlists
http_access deny STUsers all

http_access deny MYAccountants blacklists
http_access allow all

########################################################

If I use *"http_access allow all"*, all authenticated users use the internet
without restrictions.

--
View this message in context: 
http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-active-directory-integration-tp4661575p4661867.html
Sent from the Squid - Users mailing list archive at Nabble.com.
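
How Squid's first-match http_access evaluation treats the rules in the message above, as an added example that is not part of the original post and not Squid's own code. The helper answers (group membership) and URL-list matches are constructed inputs, and the 407 authentication challenge is simplified to a plain deny.

```python
# Added example: model of first-match http_access evaluation (not Squid code).
# Each rule is (action, [acl names]); a leading "!" negates the ACL.
RULES = [
    ("deny",  ["!auth"]),
    ("allow", ["STUsers", "allowedlists"]),
    ("deny",  ["STUsers", "all"]),
    ("deny",  ["MYAccountants", "blacklists"]),
    ("allow", ["all"]),
]

def _match(acl, facts):
    negate = acl.startswith("!")
    name = acl.lstrip("!")
    result = True if name == "all" else facts.get(name, False)
    return not result if negate else result

def evaluate(rules, facts):
    """Return (action, rule_index) of the first rule whose ACLs all match.

    facts maps an ACL name to True/False for one request; "all" always matches.
    If no rule matches, the opposite of the last rule's action applies.
    """
    for index, (action, acls) in enumerate(rules):
        if all(_match(acl, facts) for acl in acls):
            return action, index
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

def request(auth, groups, url_lists):
    """Build the facts for one request (all inputs are constructed samples)."""
    return {
        "auth": auth,
        "STUsers": "Standard Users" in groups,      # group helper answered OK
        "MYAccountants": "Accountants" in groups,   # group helper answered OK
        "allowedlists": "allowed" in url_lists,
        "blacklists": "black" in url_lists,
    }

if __name__ == "__main__":
    cases = {
        "standard user, helper OK": request(True, {"Standard Users"}, set()),
        "standard user, helper ERR": request(True, set(), set()),
        "accountant, blacklisted URL, helper OK": request(True, {"Accountants"}, {"black"}),
        "accountant, blacklisted URL, helper ERR": request(True, set(), {"black"}),
        "unauthenticated": request(False, set(), set()),
    }
    for label, facts in cases.items():
        print(f"{label:42} -> {evaluate(RULES, facts)}")
```

When the group helper never answers OK, neither group ACL matches, so every authenticated request reaches the final `allow all` rule (index 4).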
