share/firewall/opnsense/pre-auth.conf
# /usr/local/etc/squid/pre-auth/50-linuxmuster.pre-auth.conf
#
# thomas@linuxmuster.net
# 20240212
#
# web proxy sso, allow only internet group
#
external_acl_type InternetAllowed ttl=60 negative_ttl=60 %LOGIN /usr/local/libexec/squid/ext_kerberos_ldap_group_acl -a -l ldaps://@@servername@@.@@domainname@@:636 -u global-binduser@@@realm@@ -p @@bindpw@@ -g internet@@@realm@@ -D @@realm@@
acl InternetAllowed external InternetAllowed
http_access deny !InternetAllowed