[squid-users] Squid with AD - missing libraries

Amos Jeffries squid3 at treenet.co.nz
Sat Sep 26 04:02:27 UTC 2015


On 26/09/2015 2:22 a.m., Veronica Ovando wrote:
> Thank you so much for your answer, Amos. It was really useful!
> 
> In addition, I would like to create groups in AD and access policies for
> those groups. For example, the group "Blocked" will not have access to
> the internet, "Restricted" will be able to browse some domains, etc. For
> that task, I use the ext_ldap_group_acl in this way:
> 
> auth_param ntlm program /usr/bin/ntlm_auth --diagnostics
> --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN
> auth_param ntlm children 10
> auth_param ntlm keep_alive on
> #
> auth_param basic program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 50
> auth_param basic realm Squid
> auth_param basic credentialsttl 2 hours
> #
> external_acl_type AD_Grupos ttl=10 children=10 %LOGIN
> /usr/lib/squid3/ext_ldap_group_acl -b "dc=domain,dc=com" -d -D
> squid at domain.com -W etc/squid3/ldappass.txt -f
> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=SquidGroups,dc=domain,dc=com))"
> -h dc at domain.com
> 
> Is this correct? I am a newbie with this kind of feature.

It looks kind of alright. But I'm not very familiar with LDAP syntax. So
I may be wrong.

You still need the ACL definitions using those helpers and http_access
rules defining your access policy though.


FWIW: The config examples for authentication, with or without groups,
can be found here:
<http://wiki.squid-cache.org/ConfigExamples/#Authentication>

Amos
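
Added example, not part of the original message and not taken from the Squid wiki: the ACL definitions and http_access rules the reply says are still needed, built on the AD_Grupos helper and the "Blocked" and "Restricted" group names from the question. The ACL names and the example.com / example.org domains are assumptions chosen for illustration.

```conf
# squid.conf fragment (added example). Place these lines after the stock
# Safe_ports / CONNECT deny rules and before any other "http_access allow".

# Force authentication through the configured auth_param helpers.
acl authenticated proxy_auth REQUIRED

# Each external ACL passes the group name to ext_ldap_group_acl as %g.
acl grp_blocked    external AD_Grupos Blocked
acl grp_restricted external AD_Grupos Restricted

# Domains the "Restricted" group may reach (placeholder values).
acl restricted_sites dstdomain .example.com .example.org

# 1. Unauthenticated requests get a 407 challenge.
http_access deny !authenticated

# 2. "Blocked" members get nothing. The trailing "all" makes the last ACL
#    on the line a non-auth ACL, so Squid answers 403 instead of asking
#    for credentials again.
http_access deny grp_blocked all

# 3. "Restricted" members reach only the listed domains.
http_access allow grp_restricted restricted_sites
http_access deny grp_restricted all

# 4. Every other authenticated user is allowed; everything else is denied.
http_access allow authenticated
http_access deny all
```

Rules are evaluated top to bottom and the first match wins, so the deny for "Blocked" must stay above any allow that an authenticated user could match. Running `squid -k parse` checks the syntax before a reload.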