Dansguardian, NTLM & security groups

[j17sparky]

Im just in the process of settintg up a Squid/dansguardian proxy to replace our current (broken) system.

Its all set up and working; DG passing NTLM to squid for authentication, reading from the "filtergroupslist" file for filtergroup determination. The "filtergroupslist" is generated by a nice little bash script from the DG website, which works by matching the AD security group to a filtergroup and outputting to the "filtergroupslist" file. ie

Code:

# /etc/dansguardian/lists/filtergroupslist
user1=filter1
user2=filter2
user3=filter1
etc

Great, it works, but is there a way to make DG use the security groups directly, ie the equivelant of;

Code:

# /etc/dansguardian/lists/filtergroupslist
staff_security_group=filter1
pupil_securty_group=filter2
etc.

The idea being; with the bash script method when a new user is added to AD the script must be re-run. In the proposed method there wont be a script to run, so cutting out a step.

Its not a big deal no, but i like to get things working the best i possibly can.


Also how is everyone elses set up? Do you hae any extras/advice/etc to make my set up better?

[j17sparky]

Bumpy!

[monkeyx]

We use AD groups in squid but ended up creating a seperate machine(virtual) for staff as we only use DG for pupils.

Does the DG script work well? As would be interested in looking at this again.

[j17sparky]

We use AD groups in squid but ended up creating a seperate machine(virtual) for staff as we only use DG for pupils.

Does the DG script work well? As would be interested in looking at this again.

Its just a bash script which looks for security groups in AD, pulls all the members and labels them with teh appropriate filtergroup. Cant really see how it could go wrong tbh.