Block groups in squid (connected to AD)
#1

Hi all, long-time reader, first-time poster. I have finally transferred our Squid proxy over to Active Directory and have it logging perfectly; in a few words, the server is almost perfect.

There is only one thing keeping me back and that is banned groups. We run close to 200 groups with around 5000 users, and 2 groups need to be banned from proxy access.

The problem?

I have no idea where to start. The server is set up to AD, so that's the main problem out of the way; our logging is working fine, and the in-house web front to the log access is working perfectly... but I cannot ban groups.

I don't have any code to go by for you. I have taken over the Linux side of the company and am still learning. I have managed to get Samba, Kerberos, Squid and Winbind talking and logging, and squidGuard is blocking bad sites. The old system was all done around eDirectory with some good LDAP lookups, which I cannot change to suit AD because it falls over.

So in short:

Does anyone have any links or ideas for code which will allow me to run an ACL for bannedinternetusers from Active Directory?

I have tried external_acl_ldap etc. and it really confuses me.

Reply
#2
Not me, I'm afraid; however, I'd suggest you drop Strabo a mail. I think this would be an area he'd be familiar with.
Reply
#3

Firstly, you need to define a group within the squid config file as an "access list", something like:

Code:
acl bannedusers external external_acl_ldap bannedinternetusers

(I'm not sure of using "external" - you'll have to confirm that syntax.)

Then add this in as a blocked group using the http_access tag, e.g.:

Code:
http_access deny bannedusers

Finally (optionally), add in some redirect page showing the reasons for the block:

Code:
deny_info YouAreBlocked.html bannedusers

That's kinda exhausted the limit of my knowledge, unfortunately - I don't use SquidGuard and haven't got squid authenticating to anything more than originating IP address. Hope it helps in some way, though.

Reply
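
The three steps in post #3 only work once an external ACL type has been defined for the `acl ... external` line to refer to. As an added example (not part of the original posts), this is one way to wire them together on a winbind-joined Squid using the `ext_wbinfo_group_acl` helper that ships with Squid; the helper path, the `ad_group` name, the TTL values and the second group name are assumptions.

```conf
# Added example, not from the thread. Assumptions: Squid 3.2 or later, proxy
# authentication (auth_param) already working, winbind joined to the domain,
# helper path as packaged on Debian/Ubuntu (adjust for your distribution).

# Squid sends the helper "<login> <group> [<group> ...]" and the helper answers
# OK if wbinfo reports the user in any listed group, ERR otherwise.
# ttl / negative_ttl are in seconds: a group membership change in AD can take
# up to that long to be reflected in proxy access.
external_acl_type ad_group ttl=300 negative_ttl=60 children-max=10 %LOGIN /usr/lib/squid/ext_wbinfo_group_acl

# bannedinternetusers is the group named in the thread; SECOND_BANNED_GROUP is
# a placeholder for the other banned group.
acl bannedusers external ad_group bannedinternetusers SECOND_BANNED_GROUP
acl authed proxy_auth REQUIRED

# http_access rules are evaluated top to bottom and the first match wins, so
# the deny for banned groups has to sit above any rule that allows access.
http_access deny bannedusers
http_access allow authed
http_access deny all

# Optional: custom error page (a file in Squid's error directory).
deny_info YouAreBlocked.html bannedusers
```

Run `squid -k parse` to check the syntax before reloading, and confirm the helper itself resolves memberships by starting it by hand and typing a line such as `someuser bannedinternetusers`.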

