[squid-users] Active Directory computer login restrictions stops Squid authentication for these users

From: D & E Radel <radel@dont-contact.us>
Date: Fri, 26 Aug 2005 23:53:59 +1200

Hi there

Squid is authenticating with no problems with our domain via LDAP.

I wish to use the built-in Active Directory account option to restrict
which computers a user on our domain can log into (i.e. instead of being
able to log into 'all computers', just their own). If I enable this
setting, these users no longer access the www through the Squid proxy.
Obviously there is an option to add other computer names to the list of
computers that a user can log into (e.g. our squid box).

Our Squid runs on Linux and has not been made a member computer of our
domain as we are not using winbind or samba. I am not sure how to get
our Squid box to register its IP in the DNS server on our Domain
Controller. I manually added a record in the DNS, but only the full
computer name (including domain name suffix) resolves. There is not
enough space to type the whole name in, under the Active Directory
options.

So I am wondering if figuring out whether investigating any of these
will allow me to still authenticate the users in squid as well as
restricting their ability to log into various local pcs. Or whether it's
a waste of time. I am not sure on the specifics of how Squid exactly
interacts with AD and whether or not this is possible.

The easiest solution is not to restrict what computers our users can log
into. But, I'd like to figure out if it's possible to restrict them and
still have squid authenticate them.

Any tips or ideas greatly appreciated. Many thanks in advance. :-)
D.Radel.
Received on Fri Aug 26 2005 - 05:55:44 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:02 MDT