RE: [squid-users] ldap authentication...

No need to apologize. Often I see someone post something like "I need this"
and then 4-5 posts later someone else finally asks why, and then you see
"ahhh, you just need to do this instead" :)

If all traffic going through the proxy needs to be authenticated, and you
use basic auth, then the users will be presented with a basic auth pop up
box asking for their username and password. You can have an ACL rule that
allows non-authenticated traffic through, to one site, that web page you
mentioned. Alternatively, that website can be inside your network. In that
case the students will access that local webserver for their account setup,
and then head out through the proxy to the internet. Traffic going through
the proxy can be set up so it needs to be authenticated, doing so on another
server first I have not heard of. Giving the new students notification like:
"welcome to school, to access the internet you need to set up your account
here: www.internal.webserver.com/student/signup.htm" And then have all proxy
traffic that is not authenticated properly be redirected to this site or
some other page that explains why they couldn't get access to the internet.

If the users are already logged into some kind of network, then there are
other methods of authenticating too.
Spend some time learning about the ACL options and read through some of the
online documentation. I picked up the O'reilly book, "Squid the Definitive
Guide" and it helped me a lot..as did scouring the net for information about
squid and what we were trying to do.

Chris Perreault

-----Original Message-----
From: Rick Whitley [mailto:rickwh@dbu.edu]
Sent: Monday, July 12, 2004 2:36 PM
To: Chris Perreault
Subject: RE: [squid-users] ldap authentication...

Hi Chris,

Thanks for the reply and I appologize for the generic posting. We are a
university and are setting up a proxy server for the student/dorm internet
access. The goal is to have a student (wired or wireless) hit the network,
and be displayed a web page that will give them the option to activate their
account or if they already have, login and access the internet.

We have dhcp with the gateway pointing to the proxy server. The proxy will
redirect to a web server to display the page. Once they login the proxy will
authenticate them and either reject access or allow access.

Do I have the process right or am I way out in left field?

thanks for taking time to respond to this.

rick...
Rom.5:8

>>> Chris Perreault <Chris.Perreault@Wiremold.com> 7/12/2004 1:09:46 PM
>>>
The FAQ at the www.squid-cache.org site is one place to research this.

When you compile squid you need to have the ldap helper included too.

./configure -h will display all the options

./configure --enable-basic-auth-helpers=LDAP

From the source code will help. Within the helpers directory you can drill
down into the LDAP directory and read the help files included there too.

Using your favorite search engine on SQUID LDAP will give you plenty to read
too.

You may also find that stating what you'd like to do, to this list, will
result in responses less generic and more geared towards a solution that
suites your particular needs.

Chris Perreault

-----Original Message-----
From: Rick Whitley [mailto:rickwh@dbu.edu]
Sent: Monday, July 12, 2004 1:23 PM
To: squid-users@squid-cache.org
Subject: [squid-users] ldap authentication...

Hello,

I am new to Squid and would like to know where to find information on
setting up squid to use ldap for authentication. I have read that it is part
of the basic ncsa_auth module but the only examples I see use ncsa_auth with
a passwd file. I'm not asking for anyone to do my job, just tell me where to
find some documentation and examples.

thanks

rick...
Rom.5:8
Received on Mon Jul 12 2004 - 13:11:03 MDT