1 .if !'po4a'hide' .TH ext_lm_group_acl 8
4 .if !'po4a'hide' .B ext_lm_group_acl
6 Squid external ACL helper to check Windows users group membership.
11 .if !'po4a'hide' .B ext_lm_group_acl
12 .if !'po4a'hide' .B "[\-D "
14 .if !'po4a'hide' .B "] [\-cdhGP]"
18 is an installed binary in Squid for Windows builds.
20 This helper must be used in with an authentication scheme (typically
21 Basic or NTLM) based on Windows NT/2000 domain users (LM mode).
23 It reads from the standard input the domain username and a list of groups
24 and tries to match each against the groups membership of the specified
28 .if !'po4a'hide' .TP 12
29 .if !'po4a'hide' .B \-c
30 Use case insensitive compare.
33 .if !'po4a'hide' .B \-d
34 Write debug info to stderr.
37 .if !'po4a'hide' .B \-D domain
38 Specify the default user's domain.
41 .if !'po4a'hide' .B \-G
42 Start helper in Domain Global Group mode.
45 .if !'po4a'hide' .B \-h
46 Display the binary help and command line syntax info using stderr.
49 .if !'po4a'hide' .B \-P
50 Use ONLY PDCs for group validation.
54 .if !'po4a'hide' .B external_acl_type NT_global_group %LOGIN c:/squid/libexec/ext_lm_group_acl.exe -G
56 .if !'po4a'hide' .B external_acl_type NT_local_group %LOGIN c:/squid/libexec/ext_lm_group_acl.exe
59 .if !'po4a'hide' .B acl GProxyUsers external NT_global_group GProxyUsers
61 .if !'po4a'hide' .B acl LProxyUsers external NT_local_group LProxyUsers
63 .if !'po4a'hide' .B acl password proxy_auth REQUIRED
66 .if !'po4a'hide' .B http_access allow password GProxyUsers
68 .if !'po4a'hide' .B http_access allow password LProxyUsers
70 .if !'po4a'hide' .B http_access deny all
74 In the previous example all validated NT users member of GProxyUsers Global
75 domain group or member of LProxyUsers machine local group are allowed to
79 Groups with spaces in name, for example
81 , must be quoted and the acl data (
83 ) must be placed into a separate file included by specifying
86 The previous example will be:
88 .if !'po4a'hide' acl ProxyUsers external NT_global_group "c:/squid/etc/DomainUsers.txt"
93 file will contain only the following line:
100 The standard group name comparison is case sensitive, so group name
101 must be specified with same case as in the NT/2000 Domain.
102 It's possible to enable case insensitive group name comparison (
104 ), but on some not-english locales, the results can be unexpected.
108 Native WIN32 NTLM and Basic Helpers must be used without the
114 Refer to Squid documentation for the more details on squid.conf.
118 I strongly recommend that
120 is tested prior to being used in a production environment. It may behave differently on different platforms.
123 To test it, run it from the command line. Enter username and group
124 pairs separated by a space (username must entered with URL-encoded
136 behaves the same as a carriage return.
143 Test that entering no details does not result in an
149 Test that entering an invalid username and group results in an
153 Test that entering an valid username and group results in an
158 This program was written by
159 .if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it>
160 with contributions by
161 .if !'po4a'hide' .I Henrik Nordstrom <hno@squid-cache.org>
163 Based in part on prior work in
166 .if !'po4a'hide' .I Rodrigo Albani de Campos
168 This manual was written by
169 .if !'po4a'hide' .I Guido Serassio <guido.serassio@acmeconsulting.it>
170 .if !'po4a'hide' .I Amos Jeffries <amosjeffries@squid-cache.org>
174 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
176 * Squid software is distributed under GPLv2+ license and includes
177 * contributions from numerous individuals and organizations.
178 * Please see the COPYING and CONTRIBUTORS files for details.
180 This program and documentation is copyright to the authors named above.
182 Distributed under the GNU General Public License (GNU GPL) version 2 or later (GPLv2+).
185 Questions on the usage of this program can be sent to the
186 .I Squid Users mailing list
187 .if !'po4a'hide' <squid-users@squid-cache.org>
190 Bug reports need to be made in English.
191 See http://wiki.squid-cache.org/SquidFaq/BugReporting for details of what you need to include with your bug report.
193 Report bugs or bug fixes using http://bugs.squid-cache.org/
195 Report serious security bugs to
196 .I Squid Bugs <squid-bugs@squid-cache.org>
198 Report ideas for new improvements to the
199 .I Squid Developers mailing list
200 .if !'po4a'hide' <squid-dev@squid-cache.org>
203 .if !'po4a'hide' .BR squid "(8), "
204 .if !'po4a'hide' .BR GPL "(7), "
207 .if !'po4a'hide' http://wiki.squid-cache.org/SquidFaq
209 The Squid Configuration Manual
210 .if !'po4a'hide' http://www.squid-cache.org/Doc/config/