I apologize up front for my ignorance of "NTLM" and "wb_group"!
> Using NTLM I can list users in a userlist with their domain and
> username info:
>
> domain1/user1
> domain1/user2
> domain2/user4
> etc..
>
> what would be nice is to be able to filter against entire domains.
>
> src domain1 {
> userlist domain1Users
> }
>
> where domain1Users contains:
> domain1
Would you mind using some "semi-real" data and explain that again? I'm
lost.
> 2) Creating a new src type called domain/domainlist which would
> contain a list of valid domains.
Listed in the squidGuard documentation under source group declarations
are:
IP addresses and/or ranges (multiple)
IP address/range list (single)
Domains (multiple)
Users (multiple)
User list (single)
This is not what you are looking for?
> Alternatively you could move this functionality into Squid to allow
> only selected requests to be passed to the redirector via Squid
> ACL's (currently not possible AFAIK)
Tag Name: redirector_access
Usage: redirector_access allow|deny
Description
If defined, this access list specifies which requests are sent to
the redirector processes
Default: All requests are sent
Example: redirector_access allow aclname
Will that do it?
Rick
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Jay Turner
> Sent: Wednesday, March 05, 2003 2:58 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: SquidGuard & NT Groups
>
>
> Hi All,
>
> I have built a version of Squid-2.5.STABLE1 that uses NTLM and wb_group for user
> authentication.
>
> The next logical step is having squidGuard be aware of these NT groups and using
> those as src declarations.
>
> Has anybody else thought of this/know a way to do this?
>
> Using NTLM I can list users in a userlist with their domain and username info:
>
> domain1/user1
> domain1/user2
> domain2/user4
> etc..
>
> what would be nice is to be able to filter against entire domains.
>
> src domain1 {
> userlist domain1Users
> }
>
> where domain1Users contains:
> domain1
>
> Changing squidGuard is probably the only way to do this. Possibly two ways this
> could be done:
>
> 1) Having userlists recognize regular expressions so domains could be listed as:
> ^domain1/.* - OK but probably not ideal
> 2) Creating a new src type called domain/domainlist which would contain a list of
> valid domains.
>
> This could be done by using a regular expression to match against the start of the
> IDENT username but be done behind the
> scenes perhaps?? (please suggest a better way if you have one)
>
> Alternatively you could move this functionality into Squid to allow only selected
> requests to be passed to the redirector
> via Squid ACL's (currently not possible AFAIK)
> This would not provide the granular level of control that would be available in
> SquidGuard, but it would be an easy
> solution to provide blocking against only some users.
>
> What are peoples thoughts on such functionality?
>
> Thanks
> Jay
>
>
>
