[KLUG Members] Squid and ntlm_auth

Adam Tauno Williams awilliam at whitemice.org
Wed Sep 7 07:12:25 EDT 2005


Quoting Komal <agencies_ad1 at sancharnet.in>:

>> Squid is the mechanism that is performing the user authentication,
>> through the method of either NTLM or BASIC.  What ds (directory service)
>> does your Squid setup check with to identify users?
>>
>> I don't think that you have the option of using a specific ACL when NTLM
>> is used as the authentication protocol, and yet a different ACL when
>> BASIC is used as the authentication protocol.  I assume that you wish to
>> check a specific ACL depending on the authentication protocol that is
>> negotiated?
>
> NO.
>
> Once the user is authenticated then I want to use user name with ACL. For
> example if user Komal is authenticated then I want user Komal to view only
> certain websites irrespective of from which computer Komal is accessing
> the caching server. I know with IP address it is damn easy but how to achieve
> same with user name.

ACLs evaluate to a boolean value (true or false).  Placing multiple ACLs after
an http_access clause causes the ACLs to be evaluated and then an AND operation
is performed.

http_access allow rule1 rule2 rule3

- for instance, all rules must evaluate to true for the access to be allowed.

From the examples in the documentation...
(2) To restrict access to work hours (9am - 5pm, Monday to Friday) from IP
192.168.2/24

acl ip_acl src 192.168.2.0/24
acl time_acl time M T W H F 9:00-17:00
http_access allow ip_acl time_acl
http_access deny all

Just substitute your user matching rule in there.

-- 
Adam Tauno Williams - http://www.whitemice.org
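
The substitution suggested above, written out as an added example (not part of the original post and not from the Squid documentation): a proxy_auth ACL takes the place of the src ACL, so the rule follows the authenticated user rather than the client address. The helper path, the ACL names and the example.com/example.org domains are assumptions; the user name must match whatever the helper reports (with NTLM it may carry a domain prefix, so check what access.log records).

```squidconf
# Authentication helpers (paths are assumptions; adjust to your install).
# NTLM is offered first, BASIC as the fallback scheme.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy

# True for any request that carries valid credentials.
acl authenticated proxy_auth REQUIRED

# True only when the authenticated user name is Komal
# (hypothetical ACL name; the match is on the name the helper returns).
acl komal_user proxy_auth Komal

# The sites Komal may reach (constructed sample domains).
acl komal_sites dstdomain .example.com .example.org

# http_access lines are checked top to bottom and the first match wins.
# Within one line every ACL must be true (logical AND).

# Komal AND an allowed site -> allow, from any client address.
http_access allow komal_user komal_sites

# Komal and anything else -> deny. Without this line Komal would fall
# through to the general "authenticated" rule below.
http_access deny komal_user

# Every other authenticated user -> allow.
http_access allow authenticated

# Unauthenticated or unmatched requests -> deny.
http_access deny all
```

Because no src ACL appears on the Komal lines, the restriction is independent of the machine the request comes from, and it applies whether the browser negotiated NTLM or BASIC.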


