Re: [squid-users] transparent proxy with Active Directory Login

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 17 May 2009 19:02:50 +1200

Gavin McCullagh wrote:
> On Thu, 14 May 2009, Amos Jeffries wrote:
>
>> What can be done is to glean some details such as machine IP and do some
>> local not-quite-auth testing on it to see who is logged in and get their
>> username back (NP: not password). AD may be able to map IP to current
>> user. This has to be done in the background with an external_acl_type
>> helper. It's called out-of-band authorization.
>
> Are there any docs or howtos around on this? We use authentication one one
> subnet, but it's a bit of a pain. We're not really that concerned to
> require people to remember passwords, we just want to work out who the user
> is with a reasonable level of accuracy. Authenticated proxies seem to
> break various clients so if out-of-band might be an interesting
> alternative.
>
> Gavin
>

Nothing easy to understand tat I know of. It's kind of wrapped in the
specific local management systems you use, to pull the IP out of the
request and compare it to some local database.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
   Current Beta Squid 3.1.0.7
Received on Sun May 17 2009 - 07:02:56 MDT

This archive was generated by hypermail 2.2.0 : Sun May 17 2009 - 12:00:01 MDT