On Tue, Nov 27, 2007, shacky wrote:
> > If you set the authentication scheme to use only ntlm and set the rule
> > to allow only traffic that matches that acl.
>
> Yes, but I don't want the user not to be allowed to surf the Internet
> from a computer that isn't connected to the Active Directory domain.
> For example, I don't want the user to use their laptops even if they
> insert their user and password in the proxy authentication.
>
The question then is "how can a computer authenticate another computer?"
Squid doesn't care (at the moment); its just passed credentials.
Normally you'd actually prevent an entire computer from connecting to the
network. Enterprises do this via a variety of means, including stuff like
802.1x. Drop them in a seperate VLAN if you don't recognise the computer
and disallow that VLAN access to the proxy (and other resources.)
Adrian
-- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -Received on Mon Nov 26 2007 - 16:50:07 MST
This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:02 MST