haw3d
12-19-2010 07:23 AM
squid acl for ldap users
Hi,
I have implemented SSO for my network, and users can surf the internet by logging in to their accounts, and their user names are logged. I want to put some ACLs on user names instead of group-based ones, and also use delay pools to manage the bandwidth used.
For example:
user1 allow internet access BW 10kbps
user2 deny internet access
user3 allow internet access BW 20kbps
Can this be implemented with Squid? Can you help me?
Linux 2.6.22 - squid 2.6 stable 6 - AD: win2k3 server
authentication config:
# START AUTHENTICATION
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param ntlm use_ntlm_negotiate off
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Domain Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds
##
# Credentials past their TTL are removed from memory
authenticate_ttl 0 seconds
##
## acl entries to require authentication:
acl AuthorizedUsers proxy_auth REQUIRED
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=ssotest,dc=com" -d -D "cn=Administrator,cn=Users,dc=ssotest,dc=com" -w "111111" -f "(&(objectClass=person)(sAMAccountName=%s))" -u sAMAccountName -v 3 -P 192.168.10.1:389
# METHOD is LDAP
auth_param basic children 20
auth_param basic realm Endian Advanced Proxy Server
auth_param basic credentialsttl 60 minutes
acl for_inet_users proxy_auth REQUIRED
# END AUTHENTICATION
Excuse me for my bad English. Thank you.