Em 15/04/11 21:30, Joachim Wiedorn escreveu:
> Hello,
>
> since some days I search for the way how I can use the login data of the
> user on his computer (client) for authentication check while he is using
> his browser.
>
> As I have understood if I activate authentication in /etc/squid3/squid.conf
> then the browser ask the user at the first time of web access for username
> and password. But the user always have done a login on this client computer
> so why must I start this second authentication check of the user?
>
> This way would be useful for use with LDAP or AD, but also with PAM
> authentication.
>
> Does anywhere know the solution?
>
if your users have already logged in on your AD network, you can
have squid configured to use those authentication credentials for
logging and filtering web access *WITHOUT* asking again for
username/password.
squid has several authentication methods, not all of them does this
'transparent' authentication. The most basic squid authentication
method, 'basic' one, doesnt that. 'basic' authentication will ALWAYS
give you an authentication popup. To acchieve the transparent
authentication, you'll have to use probably ntlm, digest or negotiate
authentication methods. Using these authentications methods *AFTER*
having your linux box joined your AD network correctly, you can have the
transparent authentication working. Users will open browser, no
authentication window will pop up and, and even then, username will be
logged on squid logs and can be used for filtering purposes.
***PLEASE*** do not confuse transparent authentication with
transparent proxy. None authencation method will work on transparently
intercepted requests (transparent proxy). To have ANY authentication
method working, proxy **WILL HAVE TO BE** correctly configured on the
browser.
Google for 'squid ntlm_auth' or 'squid squid_kerb_auth' for plenty
of documentation on how to configure and use these authentication
methods. Google as well for documentation on joining your linux box onto
your AD network, this will be needed for those authentication methods to
work.
-- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertrudes_at_solutti.com.br My SPAMTRAP, do not email itReceived on Sat Apr 16 2011 - 01:25:28 MDT
This archive was generated by hypermail 2.2.0 : Sun Apr 17 2011 - 12:00:03 MDT