Hello I am hoping that I can gain some knowledge here...for several weeks, on and off, I've been playing with squid and all sorts of authenticators but I am still running into the same wall that I did at the beginning. The big thing I am being asked for by my boss is the ability to detect an expired password. As far as I've found from trolling the archives, the only projects to handle this sort of thing are now old and unmaintained and all of the authenticators I got working well report only OK or ERR.
Our (planned) environment is this: Two layers of squids; the first will serve certain websites that we have deemed general access - for example, our Corporate web site - without authentication or pass on any other requests to the second which will be using authentication and Websense Enterprise to filter access. I had hoped to use our fresh new Windows AD in some way to provide the authentication since my early NTLM and Samba authenticator experiments were all too flaky to put into a production system and I'd read many posts on this list suggesting LDAP authentication against AD. I got this working nicely using the squid_ldap_auth helper program and a username/group filter like "(&(CN=%s)(memberOf=CN=InternetUsers))". This is great but the demand from on high still stands. The helper returns only OK or ERR! So are there any "live" projects out there that can help? As I mentioned, I'd like to use the AD as a source to save having to maintain seperate user lists - and frankly our users have enough problems remembering passwords as it is - but I need to trap expired passwords and at least redirect the user to a web page saying "Your password has expired! Go change it!". Also has anybody got any experiences of using the MS Services For UNIX tool and using that as an NIS server? I was going to try it but I'd rather not put any irreversible changes to the AD schema just yet and all the test environment hardware is in use at the moment...can it do what I want it to do? Is it stable? Environment: Squid 2.5.STABLE3 RHEL 3.0, kernel: 2.4.21-27, SMP Here's hoping! -- Ian Large <[EMAIL PROTECTED]> IT Department, Christian Salvesen, Lodge Way, New Duston, Northampton NN5 7SL, United Kingdom Tel: +44 1604 737100 x760 Fax: +44 1604 737111 -------------------------------------------------------------------------------- For information on Christian Salvesen visit our website at www.salvesen.com. The information contained in this e-mail is strictly confidential and for the use of the addressee only; it may also be legally privileged and / or price sensitive. Notice is hereby given that any disclosure, use or copying of the information by anyone other than the intended recipient is prohibited and may be illegal. If you have received this message in error, please notify the sender immediately by return e-mail. Christian Salvesen has taken every reasonable precaution to ensure that any attachment to this e-mail has been swept for viruses. However, we cannot accept liability for any damage sustained as a result of software viruses and would advise that you carry out your own virus checks before opening any attachment. Christian Salvesen is a trading name of the Christian Salvesen Group. Christian Salvesen PLC (Company number SC7173) is the ultimate holding company within the Christian Salvesen Group whose registered office is at 16 Charlotte Square, Edinburgh EH2 4DF.
