說明
1.squid proxy 使用帳號須為 ad_group 群組成員
2.dc 192.168.1.1
3.domain name aaa.com
4.squid 向dc認證用帳號 squid 密碼 p@ssw0rd
/etc/squid/squid.conf 加入
auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b "dc=aaa,dc=com" -D "CN=squid,cn=Users,DC=aaa,DC=com" -w p@ssw0rd -f sAMAccountName=%s -h 192.168.1.1
external_acl_type ldap_group %LOGIN /usr/lib64/squid/ext_ldap_group_acl -R -b "dc=aaa,dc=com" -D "CN=squid,cn=Users,DC=aaa,DC=com" -w p@ssw0rd -f "(&(objectclass=person)(sAMAccountname=%v)(memberof=cn=%g,cn=Users,DC=aaa,DC=com))" -h 192.168.1.1
acl ad_group external ldap_group ad_group
http_access allow ad_group
沒有留言:
張貼留言