[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-users
Subject:    [squid-users] Multiple Authentication Programs
From:       "Keppner, Christoph" <keppner () dhc-gmbh ! com>
Date:       2004-03-31 11:04:37
Message-ID: 9D4E266346D54346B15638DABB04C7A7374E () mail ! dhc-gmbh ! com
[Download RAW message or body]

Hi,

i'm running a squid server with ldap-Authentication against an Active
Directory server in Domain A. This works fine with the following lines:

...
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b
dc=domainname,dc=de -R -D XXXXXXX -w YYYYYYYY -f sAMAccountName=%s
servername

external_acl_type ldap_group %LOGIN
/usr/local/squid/libexec/squid_ldap_group -b dc=domainname,dc=de -D XXXXXX
-w YYYYYYY -f "(&(cn=%g)(member=%u)(objectClass=group))" -F
"(sAMAccountName=%s)" -h servername -p 389

acl Proxy-Group external ldap_group Proxy-Benutzer
acl ldap-password proxy_auth REQUIRED

http_access allow ldap-password localnet Proxy-Group
...

My Squid runs on a firewall with 3 interfaces, 1st interface is the
connection to my provider, 2nd interface is connected to "localnet". Now i
want to add a new ip-network on the 3rd interface. Within this network, a
new Windows 2000 Domain (Domain B) should be set up. Domain A is independant
from the domain in network B (no connection). Users from domain B should
have to use my proxy too, again with ldap-authentication and group-checking.
Is this possible? How?

Thanks for reply.

Christoph
[prev in list] [next in list] [prev in thread] [next in thread]