edvalpm
(usa Debian)
Enviado em 20/09/2007 - 16:10h
Bom dia Pessoal.
Nao estou conseguindo efetuar o controle de acesso a web pelos grupos do meu AD.
Na atual configuração, todos usuarios pertencentes ao meu AD navegam normalmente.
Como faço no meu squid.conf para criar os grupo com os respectivos acessos?
1)InternetFull <Acesso total a Internet>
2)Medium <Usuário com acesso restrito>
3)NoInternet <Usuários sem acesso a web>
PS: Os grupos já existem no meu AD, o Samba, WinBind e demais aplicaçoes estao instaladas e funcionando.
Segue a configuração do meu SQUID abaixo:
http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm "Acesso a Internet"
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds
authenticate_ttl 0 seconds
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl password proxy_auth REQUIRED
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/lib/squid/wbinfo_group.pl
acl restrictedusers external nt_group nointernet
acl unrestrictedusers external nt_group internetfull
http_access deny !password
http_access allow unrestrictedusers
http_access deny restrictedusers
acl our_networks src 192.168.147.0/24
http_access allow our_networks
http_access allow localhost
http_reply_access allow all
icp_access allow all
http_access deny all
cache_effective_group proxy
logfile_rotate 10
error_directory /usr/share/squid/errors/Portuguese
coredump_dir /var/spool/squid