Web proxy access AD group restriction

Good evening, I want the permission to use the Internet to be decided at the AD group level
Tell me how to solve this?
Clarify: two groups in AD, one has access to the Internet, the other does not, how to assign these groups access or denial?

NethServer Version: NethServer release 7.9.2009 (final)
Module: squid



And welcome to the NethServer community!

There are several ways to do this, the easiest would be to only allow your (Squid-) Server direct access to the Internet.

Don’t use transparent mode, but use the quite reliable WPAD function. WPAD is still activated by MS, even on the latest Win10! So no work for this!

The shortcut with this implementation: You set read rights only for that specific group, but not the other, directly on the WPAD proxy.pac file!

2) Customized Access rules for squid.

Here you’ld need to create your own squid template, using the e-smith templating function, to create your own, customized squid.conf.

Here, you’ld need to create a couple of rules in the “access” area.

For both: YMMV

My 2 cents

a little unclear, here are my settings

there are only 4 options, I have authorization, but where to choose WPAD ???

and if possible, give an example with groups, thanks


Choose manual. The client is already set up to use WPAD, and NethServer has the file ready. If I’m not mistaken, you’ll find that file in /var/www/html/.

Apache distributes the file if a client requests it. Apache can be setup with group permissions, but you’ld need to check with Google.

Good evening, I still couldn’t figure it out a bit! Help me please!!! I found the wpad.dat file and there are already entries there! I need to create an A record in the domain controller on WPAD. On the Internet, I could not find how to prime the blood pressure groups to this wpad.dat file ???

Its been a while i made this work…

but first of all i imagine you should choose:

Once you got that working i guess i gets better…

There is another way to do this, remove gateway configurations on the group you dont want access to the internet. lol…

1 Like

In general, the task is the following! There are 4 groups in AD - squid-bed (access is denied to users on the Internet), squid-user (access is allowed), squid-admin (access to the Internet for the administrator), squid-limit (group of users with a limited speed), how to implement it all in nethserver ??? Now enabled in the authorization settings! I would be grateful if you can describe in detail how to implement this))) Thanks in advance !!!

Easy! :slight_smile:

Just create users for those who need internet, for those who dont need, just dont create them! :slight_smile:

I can´t describe it like that becouse i dont handle a proxy like that here, i handle internet connections in a firewall rules level.

I understand that with the help of the squid configuration file nothing will come out to solve such a problem! For example: / usr / lib / squid / ext_kerberos_ldap_group_acl -a -d -i -n -l ldap: //my.domain -u user -p password -g squid-internet