Re: [squid-users] R: [squid-users] R: [squid-users] LDAP authentication

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 19 Nov 2010 00:54:18 +1300

> -----Original Message-----
> From: Amos Jeffries
>
>>>>> "Riccardo Castellani" 11/17/2010 1:46 PM
>>>>>
>> I'm using Squid 2.7 Stable3 in my network where some clients are in
>> workgroup while others in MS domain.
>> I'm testing LDAP Authentication by Active Directory and it looks like
>> it works!
>>
>> I'd like to allow "web surfing" sequentially according to these rules:
>>
>> rule 1: by only IP ADDRESS
>> rule 2: by Active Directory USER (user can navigate from any pc)
>> rule 3: by Active Directory USER (user can navigate from specific pc)
>>
>> Rule 1 is for computers which are in workgroup, so there are only local
>> users.
>> Rule 2 is for computers in MS domain where every user MUST use his pc
>> Rule 3 is for computers in MS domain where "special users" (e.g.
>> director) who can navigate from any pc.
>>

Okay, as promised.

To combine Rules 2 & 3 into a single http_access line for many logins,
use an external_acl_type helper. There is one bundled in 2.7 called
"ip_user" which fits this scenario exactly.

Details of its configuration can be found here:
http://www.squid-cache.org/Versions/v3/3.2/manuals/ext_file_userip_acl.html
(ignore the binary name in these docs, it changed in 3.2. The config etc
remain the same).

Alternatively, if you maintain any sort of management database to
administrate this for your network, a custom helper script can look up
the info directly in there instead of a text file.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for 3.2.0.3
Received on Thu Nov 18 2010 - 11:54:22 MST
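
The custom-helper option from the reply above, as an added example (not code from the original post or from the Squid project). It assumes Squid sends one `%SRC %LOGIN` pair per line, URL-escaped, and expects `OK` or `ERR` back; the `ALLOWED` table, the ACL name and the helper path are hypothetical stand-ins for a real management database and site configuration.

```python
#!/usr/bin/env python3
"""Squid external_acl_type helper: is this login allowed from this client IP?

Assumed squid.conf wiring (ACL name and helper path are hypothetical):
  external_acl_type user_ip %SRC %LOGIN /usr/local/bin/user_ip_helper.py
  acl user_from_allowed_pc external user_ip
  http_access allow user_from_allowed_pc
"""
import ipaddress
import sys
from urllib.parse import unquote

# Constructed sample data standing in for a management database.
# "*" marks a "special user" who may browse from any PC.
ALLOWED = {
    "director": ["*"],
    "rossi": ["192.0.2.10"],          # tied to one PC
    "bianchi": ["192.0.2.32/28"],     # tied to a small subnet
}

def is_allowed(src, login, table=ALLOWED):
    # Logins are matched case-insensitively (assumption: AD account names).
    entries = table.get(login.lower())
    if not entries:
        return False                  # unknown login: fail closed
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False                  # malformed address: fail closed
    return any(
        e == "*" or addr in ipaddress.ip_network(e, strict=False)
        for e in entries
    )

def answer(line, table=ALLOWED):
    """Turn one request line from Squid into the reply line."""
    fields = line.split()
    if len(fields) != 2:              # missing login or extra tokens
        return "ERR"
    src, login = (unquote(f) for f in fields)
    return "OK" if is_allowed(src, login, table) else "ERR"

def main():
    for line in sys.stdin:
        sys.stdout.write(answer(line) + "\n")
        sys.stdout.flush()            # Squid waits for each reply

if __name__ == "__main__":
    main()
```

Anything the helper cannot parse or does not recognise gets `ERR`, so a bad lookup denies access instead of granting it.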
