Sledeci deo conf fajla mi zavrsava samo deo onoga sto mi treba, to jest autorizacija radi ali na zalost dozvalja i korisnicima koji ne pripadaju grupi "InternetAccessGroup" da dobiju izlaz na net. Satima vec isprobavam, ako je mozda neko vec ispeglao slicnu stvar do kraja, neka je podeli :) naravno moze i dobar link (ali stvarno dobar :)
Inace, proxy je : squid-2.5-STABLE.3.3E (Linux kernel 2.4.21)
Code:
#--- AUTORIZACIJA -----------------------
auth_param basic program /usr/lib/squid/squid_ldap_auth -R
-b "ou=office,dc=mojdomen,dc=co,dc=yu"
-D "cn=Administrator,cn=Users,dc=mojdomen,dc=co,dc=yu"
-w "LOZINKA"
-f sAMAccountName=%s
-h 192.168.0.1
auth_param basic children 5
auth_param basic realm PROXY AUTORIZACIJA
auth_param basic credentialsttl 60 minutes
external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R
-b "ou=office,dc=mojdomen,dc=co,dc=yu"
-D "cn=Administrator,cn=Users,dc=mojdomen,dc=co,dc=yu"
-w "LOZINKA"
-f "(&(objectClass=user)(objectCategory=person)(sAMAccountName=%v)(memberof=cn=%a,ou=office,dc=mojdomen,dc=co,dc=yu))"
-h 192.168.0.1
# ---ACL LISTA ----------------------------
acl all src 0.0.0.0/0
acl localnet proxy_auth REQUIRED src 192.168.0.0/24
acl InetAccess external InetGroup InternetAccessGroup
# ---PRAVA PRISTUPA -----------------------
http_access allow InetAccess
http_access deny all
#--- AUTORIZACIJA -----------------------
auth_param basic program /usr/lib/squid/squid_ldap_auth -R
-b "ou=office,dc=mojdomen,dc=co,dc=yu"
-D "cn=Administrator,cn=Users,dc=mojdomen,dc=co,dc=yu"
-w "LOZINKA"
-f sAMAccountName=%s
-h 192.168.0.1
auth_param basic children 5
auth_param basic realm PROXY AUTORIZACIJA
auth_param basic credentialsttl 60 minutes
external_acl_type InetGroup %LOGIN /usr/lib/squid/squid_ldap_group -R
-b "ou=office,dc=mojdomen,dc=co,dc=yu"
-D "cn=Administrator,cn=Users,dc=mojdomen,dc=co,dc=yu"
-w "LOZINKA"
-f "(&(objectClass=user)(objectCategory=person)(sAMAccountName=%v)(memberof=cn=%a,ou=office,dc=mojdomen,dc=co,dc=yu))"
-h 192.168.0.1
# ---ACL LISTA ----------------------------
acl all src 0.0.0.0/0
acl localnet proxy_auth REQUIRED src 192.168.0.0/24
acl InetAccess external InetGroup InternetAccessGroup
# ---PRAVA PRISTUPA -----------------------
http_access allow InetAccess
http_access deny all
[Ovu poruku je menjao brainbuger dana 03.08.2007. u 09:20 GMT+1]