Re: RE: [squid-users] NTLM with multiple group support (one solution)

From: R�nnblom Jan�ke /Teknous <[email protected]>
Date: Fri, 26 Apr 2002 15:41:01 +0200

ChemolliF@GruppoCredit.it,Internet writes:
>> Hi!
>>
>> I have a squid-2.5dev6 where I want the users to authenticate
>> in the background so I chose to use NTLM. However I also
>> need the possibility to allow/disallow the users based on
>> what group they are member of. I have multiple groups in
>> my AD that are called "XX internetaccess". If the user is
>> member of any of these "internetaccess" groups they are
>> allowed access to the squid.
>>
>> What I have done is write a perl script which uses LDAP
>> to communicate with the AD. The script retreives all user
>> names from the groups in the AD and then writes it to a textfile.
>> Squid uses fakeauth and checks the username in the textfile. See
>> below for my rules.
>>
>
>Interesting. Does it handle multiple trusted domains?
>I could probably have a use for this :)

Since it uses LDAP it could probably be adapted to do this or you could
simply run the script multiple times and call different LDAP/AD servers.

I should probably move the $config variable outside the script. Ill think
about that in the next verison.
Received on Fri Apr 26 2002 - 07:41:46 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:42 MST