Squid definitely understands LDAP and LDAP group membership and this should not come with any limitation in terms of members (I did it some years ago with groups containing thousands of members).
This said, Zentyal's implementation stacks Squid and Dansguardian with which I'm less comfortable.
What would be interesting is a better view of "how these students are denied to access internet".
- What is the "error" or rather blocking message? No error, it was blocking; (from memory) the message was access denied, the same error as if the user was in a group without any rule and specific group rules were created.
- Are you using Kerberos authentication? Yes
- Did you try to authenticate users but not apply any filtering policy (other than requiring authentication)? This is sort of how it is now, except I need to apply filtering (live school environment).
Answers in red.
Before the change (in a simple form) I had 2 filter properties, Teachers and Students.
I also had 2 filter groups, sending Teachers to the Teacher property and Student to the student property.
The way the configuration works, it seems that once this is set up you cannot have a 'catch all' group with everyone in, so if for example I only had those 2 groups but a person from the 'admin' group tried to access the internet they would be denied.
What I was seeing is certain students were being denied as if they didn't belong to the student group.
I need to have a filtering rule in place, otherwise the school would have unfettered internet access, something I'm not really allowed to do.
Also, another interesting part of the story. Before seeing lots of students unable to access the internet I had one student visit me saying his internet was not working. After verifying *everything*, recreating his account, changing his group to teacher (none of it worked), I created a new user for him, except instead of using the standard student username (3 letters then 5 digit number) I created it with firstname-lastname. Very strangely this worked correctly...
Hope this helps explain!