On Tue, Nov 10, 2009 at 5:30 PM, Matthew W. Ross
<[email protected]> wrote:
>>   Squid, to be precise.
>
> Do you use Active Directory to authenticate your users?

  Yup.

> Does the NTLM authentication on IE and Firefox work so your
> users don't even see it authenticate?

  Yup.  Once Squid is configured for NTLM, both MSIE and Firefox
transparently authenticate using the user's Windows login identity.

> Being a school, knowing who went where, when, from which
> computer is important.

  Squid logs every URL requested, with time stamp, client machine IP
address, and authenticated user ID.

  I've got a Perl script I use to make searching/viewing the logs easier.

  Translating URLs into high-level "what did the user do?" isn't
always easy (with any proxy), but if you're just looking to see who
did what when, this works great.

> I've been using Squid/Dansguardian for a while. Works so-so, but
> we were using the transparent proxy, which can't pick up the user
> name automatically.

  If you're already running Squid, it should be fairly easy to add
NTLM authentication.  The following would be the basic commands for
the Squid config file:

        # configure NTLM authentication, using winbind
        auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
        auth_param ntlm children 30
        auth_param ntlm keep_alive on
        # require authentication
        acl authenticated proxy_auth REQUIRED
        http_access deny !authenticated

  If you don't already have Samba configured as an Active Directory
member to support winbind authentication, I can tell you how to do
that, too.  :)

> If you're using Squid, is it your own gray box running a generic Linux
> distribution?

  We're running CentOS (Red Hat Enterprise Linux clone) on an old
Gateway "server".  Linux runs on just about anything, from an old PC
to a modern Dell server.  Squid is also available for Win32, if you
want to go that route.

-- Ben
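
An added example, not part of the original message and not the Perl script Ben mentions: a small Python search over Squid's default native access.log layout, filtering by authenticated user or client IP. The sample lines, user names and addresses are constructed, and the field positions (user name in the eighth field, possibly percent-encoded) are assumptions about the default log format.

```python
from datetime import datetime, timezone
from urllib.parse import unquote

# Constructed sample lines in Squid's default native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1257892200.123    215 10.1.2.15 TCP_MISS/200 5120 GET http://example.org/a EXAMPLE\\alice DIRECT/192.0.2.10 text/html
1257892260.456      3 10.1.2.15 TCP_DENIED/407 1800 GET http://example.org/b - NONE/- text/html
1257892320.789     98 10.1.2.44 TCP_HIT/200 900 GET http://example.net/c EXAMPLE%5Cbob NONE/- image/png
truncated line
"""

def parse_line(line):
    """Return one access.log entry as a dict, or None if the line is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        when = datetime.fromtimestamp(float(f[0]), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        return None
    result, _, status = f[3].partition("/")
    user = unquote(f[7])  # assumption: the name may be logged percent-encoded
    return {
        "time": when, "client": f[2], "result": result, "status": status,
        "method": f[5], "url": f[6],
        "user": None if user == "-" else user.lower(),
    }

def search(lines, user=None, client=None):
    """Entries matching the given user (case-insensitive) and/or client IP."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue  # skip malformed or truncated lines
        if user is not None and e["user"] != user.lower():
            continue
        if client is not None and e["client"] != client:
            continue
        hits.append(e)
    return hits

if __name__ == "__main__":
    for e in search(SAMPLE_LOG.splitlines(), client="10.1.2.15"):
        print(e["time"].isoformat(), e["client"], e["user"] or "(unauthenticated)",
              e["result"] + "/" + e["status"], e["url"])
```

Entries with status 407 and no user name are the proxy's authentication challenges, so searching by client IP as well as by user shows the requests that preceded a successful login.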
