| haw3d |
12-19-2010 07:23 AM |
squid acl for ldap users
hi
i implement sso for my network and users can surf internet by login in his accounts and log their user names. i want to put some acls on user names instead of group based. and also can use delay pools for manage used bandwidth.
for example:
user1 allow internet access BW 10kbps
user2 deny internet access
user3 allow internet access BW 20kbps
can implement this by squid? can you give help me?
Linux 2.6.22 - squid 2.6 stable 6 - AD: win2k3 server
authentication config:
PHP Code:
# START AUTHENTICATION
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param ntlm use_ntlm_negotiate off
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Domain Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds
##
# Credentials past their TTL are removed from memory
authenticate_ttl 0 seconds
##
## acl entries to require authentication:
acl AuthorizedUsers proxy_auth REQUIRED
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=ssotest,dc=com" -d -D "cn=Administrator,cn=Users,dc=ssotest,dc=com" -w "111111" -f "(&(objectClass=person)(sAMAccountName=%s))" -u sAMAccountName -v 3 -P 192.168.10.1:389
# METHOD is LDAP
auth_param basic children 20
auth_param basic realm Endian Advanced Proxy Server
auth_param basic credentialsttl 60 minutes
acl for_inet_users proxy_auth REQUIRED
# END AUTHENTICATION
excuse me for my bad English Thank you |
