RE: [squid-users] Re: SSO with Active Directory-Squid Clients

2010-04-05 Thread GIGO .

Dear Markus,

Please, I have a few confusions which I want to satisfy.

1. If Kerberos authentication fails, what would the fallback behavior be?
Would Basic authentication to LDAP be used instead? Does it need to be
defined? What is the best strategy, as Basic authentication will be in clear
text? In a Microsoft environment the fallback is to NTLM authentication if
Kerberos fails; isn't it a better strategy?

2. Isn't it better to use the combination of Kerberos/LDAP only for SSO with
Active Directory? Why is winbind/Samba referred to in many tutorials, while to
me it looks redundant? Does it give any additional benefit, or is it more
stable? Can you please enlighten me?

regards,
Bilal


 To: squid-users@squid-cache.org
 From: hua...@moeller.plus.com
 Date: Sat, 3 Apr 2010 13:34:15 +0100
 Subject: [squid-users] Re: SSO with Active Directory-Squid Clients

 Have a look at
 http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos and
 http://sourceforge.net/projects/squidkerbauth/files/squidkerbldap/squid_kerb_ldap-1.2.1/squid_kerb_ldap-1.2.1.tar.gz/download

 Regards
 Markus

 GIGO . wrote in message
 news:snt134-w171836624ce7937ad90d3eb9...@phx.gbl...

 Dear All/Amos,

 I want to allow certain (not all) Active Directory users to use Squid by way
 of SSO with Active Directory. This means that when anyone from those specific
 users logs in to Active Directory, they should automatically have access
 to the internet via the Squid proxy. Other AD users who have not been granted
 permissions in Squid will be disallowed. Is it possible? How? Please guide in
 detail.

 This was my assumption of how it would be done:

 I needed to compile Squid with these additional
 options --enable-basic-auth-helpers=LDAP
 --enable-auth=basic,negotiate,ntlm
 --enable-external-acl-helpers=wbinfo_group,ldap_group
 --enable-negotiate-auth-helpers=squid_kerb_auth
 Right?

 I need to configure krb5.conf to point to AD as default_realm on CentOS 5.4
 too, right?

 I think that I must make CentOS 5.4 a member of the domain? Am I right,
 or is it not necessary?

 How will these specific AD users (with internet access allowed) be
 told/mentioned to Squid?

 I have also studied your article
 http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ldap?action=print

 However, this allows all (not specific) Active Directory or LDAP users
 internet access. This logic just checks the validity of the user account
 with Active Directory by popping up a login/password, and if it succeeds
 network access is granted. Am I right?

 Bottom line is that I am completely lost and do not have much idea what to do
 and how to do it. We were previously using Microsoft ISA Server and are about
 to move to Squid, and this requirement is very necessary.

 regards,

 Bilal Aslam


[squid-users] Re: SSO with Active Directory-Squid Clients

2010-04-03 Thread Markus Moeller

Have a look at
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos and 
http://sourceforge.net/projects/squidkerbauth/files/squidkerbldap/squid_kerb_ldap-1.2.1/squid_kerb_ldap-1.2.1.tar.gz/download


Regards
Markus

GIGO . gi...@msn.com wrote in message 
news:snt134-w171836624ce7937ad90d3eb9...@phx.gbl...


Dear All/Amos,

I want to allow certain (not all) Active Directory users to use Squid by way
of SSO with Active Directory. This means that when anyone from those specific
users logs in to Active Directory, they should automatically have access
to the internet via the Squid proxy. Other AD users who have not been granted
permissions in Squid will be disallowed. Is it possible? How? Please guide in
detail.

This was my assumption of how it would be done:

I needed to compile Squid with these additional
options --enable-basic-auth-helpers=LDAP --enable-auth=basic,negotiate,ntlm
--enable-external-acl-helpers=wbinfo_group,ldap_group --enable-negotiate-auth-helpers=squid_kerb_auth

Right?

I need to configure krb5.conf to point to AD as default_realm on CentOS 5.4
too, right?

I think that I must make CentOS 5.4 a member of the domain? Am I right,
or is it not necessary?

How will these specific AD users (with internet access allowed) be
told/mentioned to Squid?

I have also studied your article
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ldap?action=print

However, this allows all (not specific) Active Directory or LDAP users
internet access. This logic just checks the validity of the user account
with Active Directory by popping up a login/password, and if it succeeds
network access is granted. Am I right?

Bottom line is that I am completely lost and do not have much idea what to do
and how to do it. We were previously using Microsoft ISA Server and are about
to move to Squid, and this requirement is very necessary.

regards,

Bilal Aslam
