Answer the question
In order to leave comments, you need to log in
How to make distribution of AD users on freebsd proxy through different channels depending on the group?
There is an AD + DHCP server based on win2008R2 and a backup AD server on win2019. Replication is proceeding successfully and there is a desire to get rid of the old server and switch to the new one completely. But this is prevented by two proxy servers on freebsd 9. These proxy servers have squid 3 with authorization in AD in win2008r2 (the first one) and the second without authorization in the domain, but also squid3 + dansguardian. The first proxy allows administration through an unfiltered channel, the second one allows teachers through a filtered channel (through squid) and children through a white list (dansguardian). old squid cannot carry out authorization in win2019, because this protocol is already obsolete and does not work (NTLM). There is an idea (I feel that this is possible) to make one proxy server in which there will be 2 Internet channels and squid would distribute users, depending on the group in AD, who should go where.
Additional terms:
Answer the question
In order to leave comments, you need to log in
At the end of 2019, shortly before dying in the "System Administrator" there were a couple of articles on setting up squid for authentication through kerberos and managing groups through AD. The task is quite solvable on one proxy. It can be solved even without group management, but there is also an article about bumping, without which now all access control shrinks to control of the initial entry, and then, provided that DoH is not involved or the DoH servers are blocked.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question