Re: [squid-users] Squid - Freeradius authentication

From: Wei Ming Long <WEI_Ming_Long@dont-contact.us>
Date: Mon, 23 Jun 2003 11:09:15 +0800

Hi Henrik,

Thanks for you prompt response. But I have a few more questions.

>>> Henrik Nordstrom <hno@squid-cache.org> 06/20/03 07:25PM >>>
On Friday 20 June 2003 03.29, Wei Ming Long wrote:
>> Hi everyone,
>> I have been tasked with a project to grant web access to some
>> laptop clients.
>> I have some wireless clients & some of them have permission to surf
>> the internet & others don't. All web requests on port 80 are
>> redirected by iptables to the Squid proxy server, can I use
>> Freeradius to authenticate the users before sending the requests
>> out into the internet. And if the users are
>> not allowed to surf the internet, a web page will be sent to them
>> telling them
>> they are denied access. Can this be done?

>Authentication to FreeRADIUS can be done yes. Recommended method >is to
>use the native Radius helper linked from the Squid home page.
>However, please note that the Radius helper is currently looking for
>a new maintainer as the original maintainer does not have time or
>need to maintain it any longer, and as a result of this the helper
>have not yet been updated for Squid-2.5 and may have problems with
>certain passwords having odd characters in them. Other than this it
>should work fine with Squid-2.5.

When I use radtest command, Freeradius return Access-Accept, but when I use
the Radius helper, it gives me error.
I'm using Freeradius-0.8.1 & Squid-2.5Stable on RedHat Linux 8.0

>However, you cannot combine authentication and interception of port
>80. To use authentication the browser must be aware it is using a
>proxy, or else the browser will not agree on doing proxy
>authentication to a proxy which should not be there..

Transparent proxy just redirects a packet to another port on which Squid
listens, why can't Squid quthenticates the incoming redirected request with
the Freeradius server?
I don't understand why transparent proxy & authentication can't be used
together, can you explain to me?

Thanks
Matthew

>Regards
>Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org 
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Sun Jun 22 2003 - 21:09:59 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:35 MST