[squid-users] Squid 3 and active directory transparent user authentication

From: Cedric DC <oneal42_at_hotmail.com>
Date: Sat, 12 Feb 2011 23:00:03 +0000

Hello,

Current architecture
--------------------
We have a dedicated squid 3 server and squidguard installed on a Linux Ubuntu server.
The current goal is to provide a web cache for the corporate users and to filter web sites.
The server is installed in a private DMZ, which allows:
- Traffic initiated from the LAN to the squid server on port TCP 3128
- Traffic initiated from the squid server to the Internet for the services HTTP, HTTPS, FTP, NTP, DNS
- The rest of the traffic is dropped by a hardware cluster firewall

Architecture evolution
----------------------
We want to TRANSPARENTLY authenticate the corporate users who want to go on the Internet. In addition, we want to have the "username" in the log files for each request to the Internet.
We want to perform the user authentication by querying our Windows Server 2003 (Active Directory).

I have searched the Internet and there seem to be several options:
-NTLM authentication
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm
http://wiki.squid-cache.org/ConfigExamples/Authenticate/NtlmWithGroups

-LDAP authentication
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ldap

-Kerberos authentication
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos

1- What is the best option for authentication with Windows 2003 (Active Directory) that will be easy to deploy?
2- Is it possible, for example, to enable authentication for users and NOT for servers?
3- Is it possible to create a special group in Active Directory which contains all users allowed to surf, with Squid allowing surfing only if the user is present in this group?
4- How can I differentiate these 2 profiles in squid? For information, users and datacenters are in two separate IP subnets.
5- Do you have a very good tutorial concerning the implementation in my case?

Best regards,
 

Here is the squid package version installed on our server:

root_at_XXXXXX:/etc/squid3# dpkg -l | grep squid
ii  squid3                                    3.0.STABLE8-3                     A full featured Web Proxy cache (HTTP proxy)
ii  squid3-common                             3.0.STABLE8-3                     A full featured Web Proxy cache (HTTP proxy)
ii  squidguard                                1.2.0-8.4ubuntu1                  filter, redirector and access controller plu

                                               
Received on Sat Feb 12 2011 - 23:00:10 MST
