On 08/09/11 14:51, Bambang Sumitra wrote:
> Hi,
>
> i have following question regarding user authentication in squid,
> let say i have this scenario
> - there is user with username "bobby", he has 3 different device (
> ipad, laptop and smartphone)
> - bobby register the device to IT dept ( register the mac address )
> - IT support register mac address to the system and told the system if
> this 3 mac address is belong to user bobby, and setup an internet
> policy for him
> - bobby browse the internet using his device
> - system detect there is connection with registered mac address, then
> system do mac address look up, and find out this mac address is belong
> to user bobby
> - system arrange internet policy, which site category is allowed to user bobby
> - bobby then surf the net with only allowe category site
So in short: side-band authorization based on MAC address instead of IP?
NOTE: this is not real authentication. Although it does produce a users
name.
>
> my question is, can it done with squid+squidguard?
> the point is how to told squid to do automatic user authentication via
> mac address
Squid-3.2 is needed for this to work reliably. That version does MAC/EUI
lookups on both IPv4 and IPv6 by default for the required set of things
like logging and external_acl_type database lookups etc.
squidguard is not relevant. It operates on request URLs while they are
inside Squid. Access controls and authentication have already finished
and accepted the request by the time squidguard is contacted.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.15 Beta testers wanted for 3.2.0.11Received on Thu Sep 08 2011 - 05:40:41 MDT
This archive was generated by hypermail 2.2.0 : Thu Sep 08 2011 - 12:00:02 MDT