Nice!
LDAP groups that should be allowed to authenticate against Squid can be defined via the UCR variable squid/auth/allowed_groups:
[code]ucr search squid/auth/allowed_groups
squid/auth/allowed_groups:
This variable can be used to limit the proxy access to one or several groups. If several groups are specified, they must be separated by semicolons. If this variable is empty or unset, all users can access the proxy.
[/code]
Note, however, that the ACLs are only written to /etc/squid3/squid.conf if an authentication method has been defined:
[code]ucr search squid/basicauth
squid/basicauth/children:
The maximum amount of authentication processes for LDAP authentication. If the variable is unset, up to five processes are possible.
squid/basicauth:
If this option is enabled, an LDAP authentication is required for accessing the proxy.
ucr search squid/krb5auth
squid/krb5auth/children:
The maximum number of authentication processes for Kerberos authentication. If the variable is unset, up to ten processes are possible.
squid/krb5auth/keepalive:
As standard, an NTLM authentication is performed for every HTTP query if Kerberos authentication is used. If for example the website http://www.univention.de/ is opened, the subpages and images are loaded in addition to the actual HTML page. The Kerberos authentication can be cached per domain: If this option is enabled, no further authentication is performed for subsequent HMTL queries in the same domain. If the variable is unset, no authentication credentials are cached.
squid/krb5auth/tool:
The program used by Squid for Kerberos authentication. If the variable is unset, ‘/usr/lib/squid3/squid_ldap_ntlm_auth --gss-spnego --gss-spnego-strip-realm’ is used. This setting should usually not be modified.
squid/krb5auth:
If this option is enabled, an Kerberos authentication is required for accessing the proxy.
ucr search squid/ntlmauth
squid/ntlmauth/children:
The maximum number of authentication processes for NTLM authentication. If the variable is unset, up to ten processes are possible.
squid/ntlmauth/keepalive:
As standard, an NTLM authentication is performed for every HTTP query if NTLM authentication is used. If for example the website http://www.univention.de/ is opened, the subpages and images are loaded in addition to the actual HTML page. The NTML authentication can be cached per domain: If this option is enabled, no further NTLM authentication is performed for subsequent HMTL queries in the same domain. If the variable is unset, no authentication credentials are cached.
squid/ntlmauth/tool:
The program used by Squid for NTLM authentication. If the variable is unset, ‘/usr/lib/squid3/squid_ldap_ntlm_auth’ is used. This setting should usually not be modified.
squid/ntlmauth:
If this option is enabled, an NTLM authentication is required for accessing the proxy.
[/code]
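The caveat in the post above (a group list without an enabled authentication method does not produce the ACLs) can be checked with a small script. This is an added example, not part of the original post or of UCS itself; the function names and the list of accepted "true" spellings are assumptions.

```shell
#!/bin/sh
# Added example: flag the case where squid/auth/allowed_groups is set but no
# authentication method is enabled, so the group ACLs are not written.

# Assumption: these are the spellings treated as "enabled" for a UCR boolean.
is_enabled() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        yes|true|1|enable|enabled|on) return 0 ;;
        *) return 1 ;;
    esac
}

# check_squid_auth ALLOWED_GROUPS BASICAUTH KRB5AUTH NTLMAUTH
# Prints one verdict:
#   open        - no group list: all users can access the proxy
#   ineffective - group list set, but no auth method enabled (ACLs not written)
#   restricted  - group list set and at least one auth method enabled
check_squid_auth() {
    allowed=$1
    shift
    if [ -z "$allowed" ]; then
        echo open
        return 0
    fi
    for value in "$@"; do
        if is_enabled "$value"; then
            echo restricted
            return 0
        fi
    done
    echo ineffective
}

# On a UCS system, evaluate the live values; skipped where ucr is not installed.
if command -v ucr >/dev/null 2>&1; then
    verdict=$(check_squid_auth \
        "$(ucr get squid/auth/allowed_groups)" \
        "$(ucr get squid/basicauth)" \
        "$(ucr get squid/krb5auth)" \
        "$(ucr get squid/ntlmauth)")
    echo "squid group restriction: $verdict"
fi
```

A verdict of "ineffective" means one of squid/basicauth, squid/krb5auth or squid/ntlmauth still has to be enabled before the group list takes effect.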