Re: [SQU] Resolving hosts to users from Robert Collins on 2000-10-04 (squid-users)

From: Robert Collins <robert.collins@dont-contact.us>
Date: Thu, 5 Oct 2000 07:52:42 +1100

Hi Eugene,
MS Proxy does the username resolution by forcing user authentication to the
proxy server. When this is done via NTLM and a internet explorer browser,
the user is not prompted for a password.

The NTLM branch of squid, which is under active development allows NTLM
authentication on squid, and will get the domain and username and log it
with no user prompting (As long as they use I.E.). It also prevents the
passwords traveling on the wire to the proxy. The current CVS branch "ntlm"
is fairly stable as far as changes (it hasn't been broken in the last 2
months), but due to the restricted testing it has undergone, we are calling
it "alpha quality" at the moment. We plan on the following new features
before feature-freezing and pushing for a full release: dynamic PDC-BDC
connection failovers, sort term challenge-response caching.

If you are willing to have the user passwords on the wire, and the users
recieve a password prompt when they start browsing, then standard squid with
one of the SMB authentication helpers should do you just fine. They can
authenticate the user directly to the NT Domain.

Rob

----- Original Message -----
From: "Eugene Geldenhuys" <eugeneg@tfx.com.au>
To: <squid-users@ircache.net>
Sent: Wednesday, October 04, 2000 10:11 PM
Subject: [SQU] Resolving hosts to users

> Hi
>
> I apologise in advance if this question has already been asked and
> answered - here goes:
>
> I have a requirement to be able to resolve the names of the users
> on a network in order to determine which sites they are browsing.
> Mickeysoft Proxy has the ability to do this as it simply looks up
> which user logged in on which IP and viola, you have a pretty log
> with names and all.
> The network in question has an NT server and a Linux proxy. I was
> thinking about having the users log in to the proxy before use, but it
> would be easier if I could just use LDAP or something to resolve
> back to the NT box.
> Anyone had a similar requirement?
>
> Best Regards
> Eugene Geldenhuys
> MCNE ECNE MCSE MCP
>
> TFX SOLUTIONS -
> PROFESSIONAL NETWORK DESIGN ,IMPLEMENTATION AND SUPPORT
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

Received on Wed Oct 04 2000 - 14:52:41 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:55:41 MST