Re: [squid-users] Transparent User ACL under Windows Terminal Server from Tim Neto on 2004-01-22 (squid-users)

From: Tim Neto <tneto@dont-contact.us>
Date: Thu, 22 Jan 2004 09:28:45 -0500

Hello Jaime,

The answer to both questions is yes. However, instead of using Winbind,
you may want to use LDAP. I am currently using Squid with users on
multiple terminal servers on multiple subnets. I use both the
authentication and group access controls. Since AD can be accessed via
LDAP, you may want to explore this. Check the history on this mailing
list. Both LDAP authentication and AD authentication are discussed
extensively.

Tim

-- 
----------------------------------------------------------------------
Timothy E. Neto
 Computer Systems Engineer              Komatsu Canada Limited
 Ph#: 905-625-6292 x265                 1725B Sismet Road
 Fax: 905-625-6348                      Mississauga, Ontario, Canada
 E-Mail: tneto@komatsu.ca               L4W 1P9
----------------------------------------------------------------------
Jaime Nebrera Herrera wrote:
>  Hi all,
>
>  This is my first question to the squid list, and believe is a hard one.
>
>  1) A client has asked us if it was possible to filter internet access based 
>on user (different rules for each one) BUT using a Windows Terminal Server 
>(same IP, same MAC). I have searched the list and have found that Squid is 
>able to log the different users, so I believe its possible. Am I right?
>
>  2) Secondly, at the same time they want to log the user transparently 
>against an Active Directory server. Again, searching the net we have found 
>that its possible to auth against an AD server (using winbind in Samba 3) and 
>also, login transparently (something about NTLMSSP). But again, my question 
>is, will this be possible when the users come from a Windows Terminal Server?
>
>  If both answers are YES, we will make an offer to that client and if its 
>accepted we will be willing to pay up to 1.200 euros to get help doing this.
>
>  Please, I need an answer for 1) and 2) ASAP, the development can take longer 
>but I have to make the offer FAST.
>
>  Thanks in advance. Regards.
>
>PS.- You  can reach me at work in:
>
>  jnebrera_AT_eneotecnologia_DOT_com
>
>  
>

Received on Thu Jan 22 2004 - 07:28:58 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:08 MST