I run Squid/DG transparently on an OpenBSD machine for our network. I don't
use any NTLM but I see people talking about it on the DG list all the time.
I believe it's natively supported now. Do you have a current version? I can
still tell when and from what computer a violation occurs based on the
reports DG emails me without the NTLM.

-- 
Mike Gill


-----Original Message-----
From: Matthew W. Ross [mailto:[email protected]] 
Sent: Tuesday, November 10, 2009 2:30 PM
To: NT System Admin Issues
Subject: Re: (Non)transparent Proxies

Do you use Active Directory to authenticate your users? Does the NTLM
authentication on IE and Firefox work so your users don't even see it
authenticate? (That's been my limited experience so far in my testing.)

Being a school, knowing who went where, when, from which computer is
important. So far, various content filters claim to be "the best" filter,
but don't really give me a good report on where little Johnny went on the
internet from which computers. I actually could care less if the student was
blocked or not... the Teacher in the room should handle inappropriate
internet use. (Don't get me wrong, blocking the bad stuff is important, but
it's an uphill battle.) But I want the proof where the users go.

I've been using Squid/Dansguardian for a while. Works so-so, but we were
using the transparent proxy, which can't pick up the user name
automatically. We were using a little trick using an ident client on each
machine, which would place the responding ident name in the Dansguardian
log... but systems that didn't have ident would connect slowly (waiting for
ident to time out) and ident is an ancient and easy to hack and/or break
technology.

If you're using Squid, is it your own gray box running a generic Linux
distribution?


--Matt Ross
Ephrata School District


----- Original Message -----
From: Ben Scott [mailto:[email protected]]
To: NT System Admin Issues [mailto:[email protected]]
Sent: Tue, 10 Nov 2009 13:41:34 -0800
Subject: Re: (Non)transparent Proxies


> On Tue, Nov 10, 2009 at 4:32 PM, Matthew W. Ross
> <[email protected]> wrote:
> > I'm curious who here uses a non-transparent proxy?
> 
> /me raises hand
> 
>   Squid, to be precise.
> 
> > ... thinking of blocking port 80 and requiring our users to use a specific
> > proxy server, so we can track users via login.
> 
>   That's what we do, among other things.
> 
> > If you do use a non-transparent proxy, how do you inform your users how
> > to connect?
> 
>   The users wouldn't know a proxy if it hit them in the head.
> Corporate IT handles everything.
> 
>   We use WPAD (web proxy auto-discovery).  Windows recognizes it by
> default.  Some other things do.  Not as many as I'd like.
> 
>   Some things have to be manually configured to use the proxy.
> 
>   Firefox can use WPAD, but doesn't enable it by default.  We push a
> config file to fix that.
> 
> -- Ben
> 
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
> 
