[squid-users] R: EXTERNAL: [squid-users] Active directory with Squid

From: Riccardo Castellani <r.castellani_at_usl6.toscana.it>
Date: Wed, 29 Sep 2010 16:32:10 +0200

My active directory schema is already updated to win 2003 server

-----Messaggio originale-----
Da: Bucci, David G [mailto:david.g.bucci_at_lmco.com]
Inviato: Wednesday, September 29, 2010 4:21 PM
A: Riccardo Castellani; squid-users_at_squid-cache.org
Oggetto: RE: EXTERNAL: [squid-users] Active directory with Squid

I don't know all of the details of accomplishing this with Squid, but if
you're running Squid on a non-Windows server, one "gotcha" to be aware of is
that you will (probably) need the updated Active Directory schemas on your
W2K AD server ... you have to step up to at least Windows Server 2003 SP2's
schema (though at this point, might as well update to the W2008 version).
NOT saying you have to upgrade the OS itself -- but your AD schema needs the
fields in it that are used to store Unix/Linux metadata (per RFC 2307. Which
was clarified in ... 4718, I think?).

Again, I haven't done this with Squid (which probably relies on the Samba
libs under the covers to integrate with AD), only Quest/Vintella and
Likewise ... and I'm not 100% sure the Samba libs make use of the
2307-defined attributes, like Quest and Likewise do ... but it's something
to watch for.

-----Original Message-----
From: Riccardo Castellani [mailto:r.castellani_at_usl6.toscana.it]
Sent: Wednesday, September 29, 2010 9:13 AM
To: squid-users_at_squid-cache.org
Subject: EXTERNAL: [squid-users] Active directory with Squid

I need to authenticate squid users by Active Directory.
My Microsoft domain is "inside.it" into internal network (every pc name is
according to "clientname.inside.it") and AD domain controllers have Win 2000
server as os.
On my external network (dmz) I have another domain that is "external.it";
it's not MS domain and it's used to introduce me on Internet about emails
and web services. E.g. :

my email address: Riccardo.external.it
my company www site: www.external.it

My dns is Bind9 and in my company it's available only for Squid (to solve
sitenames) infact my clients were not able to query to it.
My Squid version is 2.7 Stable3 and it stays on the same server where there
is Bind.

Can keep these 2 domains as divided and independent for integrating Squid
authentication to Active Directory ?
I read that, for creating this system, I have to insert my squid into domain
by SAMBA packet but my purpose is keeping same behaviour and environment.

Riccardo
Received on Wed Sep 29 2010 - 14:31:47 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 29 2010 - 12:00:04 MDT