[squid-users] RE : [squid-users] Transparent proxy, authenticacion,differentscenarios from Francois Liot on 2002-11-20 (squid-users)

From: Francois Liot <fliot@dont-contact.us>
Date: Wed, 20 Nov 2002 10:16:21 +0100

Using logon script, you can reach your purpose transparently.

The logon script adds correct registry keys to support proxy config (example)
Using Regdmp.exe (to manipulate Registry DB from command script - you can find it everywhere)
Regdmp.exe "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer "http=toto:8080;ftp=toto:3128;socks=toto:3128;https=toto:3128"

Then you are not any more in transparent proxy mode, and you can use NTLM automated authentication.

-----Message d'origine-----
De : Henrik Nordstrom [mailto:hno@squid-cache.org]
Envoyé : mardi 19 novembre 2002 22:06
À : Evelio
Cc : Squid Users
Objet : RE: [squid-users] Transparent proxy, authenticacion,differentscenarios

tis 2002-11-19 klockan 21.27 skrev Evelio:

> > > 1) A transparent proxy is not possible, isn´t it?
> >
> > No. The browser must be configured to use a proxy for authentication to
> > be possible.
>
> Is there any way to force the user to change the browser config ?
> Is there any way to do it "automatically"?

Semi-automatical: WPAD, if the browser has WPAD enabled. WPAD can set
the proxy configuration via DHCP or DNS.

Automatical: Via a domain logon script if your users are Windows users
logging on to your domain.

Forced: Firewall port 80, deny your users direct access. This can also
display a web page explaining to the user that they need to configure
the proxy settings in the browser and how (just use the same methods as
for transparent interception, but instead of sending the traffic to
Squid, send it to a web server).

> ok, I have change "manually" by browser conf. and now I have the
> authentication window, but
> need to use the /usr/bin/ncsa_auth program.
>
> Do I have to upgrade to Squid 2.5 from sources or can i find it in an rpm?

Most RPMs include ncsa_auth, but you should probably spend some minutes
and decide if NCSA auth is really what you want, or if you prefer to
integrate with a existing user directory such as LDAP / NT Domain /
Radius / NDS/ ....

For Squid-2.5 ncsa_auth is in libexec/. With a standard RPM install this
should be /usr/libexec/squid/

Regards
Henrik
Received on Thu Nov 21 2002 - 10:23:21 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:29 MST