[squid-users] RE: EXTERNAL: [squid-users] Active directory with Squid

From: Bucci, David G <david.g.bucci_at_lmco.com>
Date: Wed, 29 Sep 2010 10:20:48 -0400

I don't know all of the details of accomplishing this with Squid, but if you're running Squid on a non-Windows server, one "gotcha" to be aware of is that you will (probably) need the updated Active Directory schemas on your W2K AD server ... you have to step up to at least Windows Server 2003 SP2's schema (though at this point, might as well update to the W2008 version). NOT saying you have to upgrade the OS itself -- but your AD schema needs the fields in it that are used to store Unix/Linux metadata (per RFC 2307. Which was clarified in ... 4718, I think?).

Again, I haven't done this with Squid (which probably relies on the Samba libs under the covers to integrate with AD), only Quest/Vintella and Likewise ... and I'm not 100% sure the Samba libs make use of the 2307-defined attributes, like Quest and Likewise do ... but it's something to watch for.

-----Original Message-----
From: Riccardo Castellani [mailto:r.castellani_at_usl6.toscana.it]
Sent: Wednesday, September 29, 2010 9:13 AM
To: squid-users_at_squid-cache.org
Subject: EXTERNAL: [squid-users] Active directory with Squid

I need to authenticate squid users by Active Directory.
My Microsoft domain is "inside.it" into internal network (every pc name is
according to "clientname.inside.it") and AD domain controllers have Win 2000
server as os.
On my external network (dmz) I have another domain that is "external.it";
it's not MS domain and it's used to introduce me on Internet about emails
and web services. E.g. :

my email address: Riccardo.external.it
my company www site: www.external.it

My dns is Bind9 and in my company it's available only for Squid (to solve
sitenames) infact my clients were not able to query to it.
My Squid version is 2.7 Stable3 and it stays on the same server where there
is Bind.

Can keep these 2 domains as divided and independent for integrating Squid
authentication to Active Directory ?
I read that, for creating this system, I have to insert my squid into domain
by SAMBA packet but my purpose is keeping same behaviour and environment.

Riccardo
Received on Wed Sep 29 2010 - 14:21:18 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 29 2010 - 12:00:04 MDT