Re: [squid-users] Does Squid 3.3 AD authentication

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Mon, 23 Dec 2013 21:52:15 +0200

On 23/12/13 21:34, Javed Iqbal wrote:
> I am using transparent proxy as middle in the man. I want to integrate
> squid with active directory, and then want to make acl of group of
> users. Users wil be aded into active directory. Is this possible in
> latest squid.
You should have basic acls that you do allow to everyone and ontop of
that allow only to authenticated users.
For example: yahoo.com (news section) will be allowed to all while
google.com will be allowed only to authenticated users.

Build your logic since the only way to use users is by strict
configuration in the browser or applying these using Active Directory
policies.
It can be very simple to just apply a rule that will force the users
computers to use a proxy while not allowing any direct access to the
Internet based on simple FW rules.
If someone complains that something is not working for him it's very
nice but he now knows the policy of the company that do no allow direct
access to the Internet.

You can test the policies on a test lab and see if it fits you or not.
The combination of AD should be implemented with kerberos.

All The Bests,
Eliezer
Received on Mon Dec 23 2013 - 19:57:31 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 24 2013 - 12:00:05 MST