Hi All,
I have built a version of Squid-2.5.STABLE1 that uses NTLM and wb_group for user
authentication.
The next logical step is having squidGuard be aware of these NT groups and using those
as src declarations.
Has anybody else thought of this/know a way to do this?
Using NTLM I can list users in a userlist with their domain and username info:
domain1/user1
domain1/user2
domain2/user4
etc..
what would be nice is to be able to filter against entire domains.
src domain1 {
userlist domain1Users
}
where domain1Users contains:
domain1
Changing squidGuard is probably the only way to do this. Possibly two ways this could
be done:
1) Having userlists recognize regular expressions so domains could be listed as:
^domain1/.* - OK but probably not ideal
2) Creating a new src type called domain/domainlist which would contain a list of
valid domains.
This could be done by using a regular expression to match against the start of the
IDENT username but be done behind the scenes perhaps?? (please suggest a better way if
you have one)
Alternatively you could move this functionality into Squid to allow only selected
requests to be passed to the redirector via Squid ACL's (currently not possible AFAIK)
This would not provide the granular level of control that would be available in
SquidGuard, but it would be an easy solution to provide blocking against only some
users.
What are peoples thoughts on such functionality?
Thanks
Jay
