BusyBoy wrote:
> Hello ,
>
> I have the Cache System in a domain of Windows Workstations:
>
> My Current configuration is like this:
>
> I have three groups to give them internet access accordingly:
>
> 1: some are totally blocked to internet ( except local interanet sites)
> 2: around 100 IP's are allowed for all internet except
> Hotmail.com,mail.yahoo.com and MSN Messenger:
> 3: around 50 IP's are those who are totally allowed to every internet entity.
>
> and all this is working fine as far as the IPs are concenered.
>
>
> before this I had configured ISA server for Active Directory User
> based permissions and It went quite happily but due to some reason
> (Fortunately we moved to Squid)
>
> now when I have installed Squid and I am doing with it fine w.r.t
> IP,,, I have seen that there is a patch for squid called "
> MSNTAuth"...
>
> Can someone guideme if there is anything with MSNTAuth patch to do
> with Active Directory Users, so that I can configure it to autheticate
> current user from Primary Domain Controller and the proxy/cache remain
> transparent to user.
>
> One thing more that if it is done successfully,,,will the user have to
> put username/password everytime to verify access information?
You don't need any patches for Squid 2.5, it's all built in. As far as
actually interfacing with the Active Directory, you can either use the
LDAP helpers (squid_ldap_auth and squid_ldap_group) or Samba 3.0 and
Winbind. There is information in the FAQ.
If you don't want the users to be prompted for logon information, it can
be gathered using NTLM authentication. This grabs the logon details
straight from Internet Explorer, but I've heard it may be prone to
failure. There should be plenty of information in the FAQ and list
archives (since I've just been through this mess).
Regards,
Oliver
Received on Thu Jan 13 2005 - 15:02:19 MST
This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST