I completely forgot that domain/domainlist is already taken (duh!) Possibly replace my suggestion of domain/domainlist with group/grouplist perhaps.
-----Original Message----- From: Jay Turner [mailto:[EMAIL PROTECTED] Sent: Wednesday, 5 March 2003 4:58 PM To: [EMAIL PROTECTED] Cc: Henrik Nordstrom [EMAIL PROTECTED] Subject: SquidGuard & NT Groups Hi All, I have built a version of Squid-2.5.STABLE1 that uses NTLM and wb_group for user authentication. The next logical step is having squidGuard be aware of these NT groups and using those as src declarations. Has anybody else thought of this/know a way to do this? Using NTLM I can list users in a userlist with their domain and username info: domain1/user1 domain1/user2 domain2/user4 etc.. what would be nice is to be able to filter against entire domains. src domain1 { userlist domain1Users } where domain1Users contains: domain1 Changing squidGuard is probably the only way to do this. Possibly two ways this could be done: 1) Having userlists recognize regular expressions so domains could be listed as: ^domain1/.* - OK but probably not ideal 2) Creating a new src type called domain/domainlist which would contain a list of valid domains. This could be done by using a regular expression to match against the start of the IDENT username but be done behind the scenes perhaps?? (please suggest a better way if you have one) Alternatively you could move this functionality into Squid to allow only selected requests to be passed to the redirector via Squid ACL's (currently not possible AFAIK) This would not provide the granular level of control that would be available in SquidGuard, but it would be an easy solution to provide blocking against only some users. What are peoples thoughts on such functionality? Thanks Jay
