Hello ,
I have the Cache System in a domain of Windows Workstations:
My Current configuration is like this:
I have three groups to give them internet access accordingly:
1: some are totally blocked to internet ( except local interanet sites) 2: around 100 IP's are allowed for all internet except Hotmail.com,mail.yahoo.com and MSN Messenger: 3: around 50 IP's are those who are totally allowed to every internet entity.
and all this is working fine as far as the IPs are concenered.
before this I had configured ISA server for Active Directory User based permissions and It went quite happily but due to some reason (Fortunately we moved to Squid)
now when I have installed Squid and I am doing with it fine w.r.t IP,,, I have seen that there is a patch for squid called " MSNTAuth"...
Can someone guideme if there is anything with MSNTAuth patch to do with Active Directory Users, so that I can configure it to autheticate current user from Primary Domain Controller and the proxy/cache remain transparent to user.
One thing more that if it is done successfully,,,will the user have to put username/password everytime to verify access information?
You don't need any patches for Squid 2.5, it's all built in. As far as actually interfacing with the Active Directory, you can either use the LDAP helpers (squid_ldap_auth and squid_ldap_group) or Samba 3.0 and Winbind. There is information in the FAQ.
If you don't want the users to be prompted for logon information, it can be gathered using NTLM authentication. This grabs the logon details straight from Internet Explorer, but I've heard it may be prone to failure. There should be plenty of information in the FAQ and list archives (since I've just been through this mess).
Regards, Oliver
