> Thanks you've been a great help.

Glad to be of assistance.

> I've turned on IDENTD in squid
> I now receive usernames and can restrict based upon them.
> I'm using the identd package from sourceforge.net.
> As for the logging ... it is working out quite nicely.

Thanks for the feedback Ryan, that's what makes the effort worthwhile.

Rick

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Ryan Kather
> Sent: Friday, May 10, 2002 10:12 AM
> To: Rick Matthews
> Cc: [EMAIL PROTECTED]
> Subject: RE: Authentication question
>
>
> Thanks you've been a great help. I've turned on IDENTD
> in squid, I now receive usernames and can restrict
> based upon them. I'm using the identd package from
> sourceforge.net. As for the logging, I've enabled it
> and it is working out quite nicely. Thanks again
>
> Ryan Kather
>
> --- Rick Matthews <[EMAIL PROTECTED]> wrote:
> > > I've asked this a number of times and never
> > > really got an adequate response.
> >
> > I'll see if I can be of assistance.
> >
> > > I have a novell netware infrastructure ...
> >
> > I know next to nothing about Novell; that's why I have not responded before.
> >
> > > ... it deals with file serving, printing, and user authentication. Our
> > > machines have dynamic ip addressing and there are a lot of them. It is
> > > because of this that I need a way to control access based upon user ids.
> >
> > I understand.
> >
> > In order to do that you will need to set up Squid to do IDENT (RFC931) lookups.
> > <http://squid.visolve.com/squid24s1/contents.htm>
> >
> > Then you'll need to run an ident server on each workstation. (I don't know
> > if Novell already has that capability.)
> > The squid site has a page that lists "related software", including ident servers:
> > <http://www.squid-cache.org/related-software.html>,
> > and here are the direct links:
> >
> > For Windows NT
> > <http://freeware.teledanmark.no/identd/>
> >
> > For Windows 95/98/Me
> > <http://identd.sourceforge.net/>
> >
> > Once you have ident up and running you can define squidGuard source groups using
> > usernames:
> > -------------
> > src admin {
> >     user root administrator foo bar # login names
> > }
> > -------------
> > or
> > -------------
> > src ab_users {
> >     userlist [filename]
> > }
> > -------------
> > where:
> > filename is either a path relative to dbhome or an absolute path (i.e. /full/path) to
> > a database file. The userlist file format is simply RFC-931 usernames, optionally
> > followed by a `:' and a comment (i.e. /etc/passwd or a .htpasswd file may be used)
> > separated by a newline as in the user declaration but without the user keyword. Thus
> > a userlist could look something like:
> > -------------
> > root
> > administrator
> > foo
> > bar
> > -------------
> > [From <http://www.squidguard.org/config/>]
> >
> > You had also mentioned earlier about wanting to know who tried to go where. My
> > suggestion there would be to give every destination group its own log file:
> > -------------
> > dest porn {
> >     domainlist porn/domains
> >     urllist porn/urls
> >     logfile porn.log
> > }
> > -------------
> > (You will need to manually create each of these log files and correctly set file
> > ownership and permissions.) Then bounce squid.
> >
> > These destination group log files contain a record for every redirect within that
> > destination group. For example, here are <my interpretation> of several of the fields
> > in the log:
> >
> > 2002-05-06 23:13:40 - Date & time
> > [24056] - Process ID
> > Request (ab_users/porn/-) - source group / destination group / ?
> > http://nasty-nasty.com - requested url
> > 192.168.44.3/- - ip of requestor / ?
> > rick - ident username
> > GET - method
> >
> > I hope this helps.
> >
> > Rick Matthews
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Ryan Kather
> > > Sent: Wednesday, May 08, 2002 8:03 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Authentication question
> > >
> > >
> > > I've asked this a number of times and never
> > > really got an adequate response. Perhaps this will
> > > clear up what exactly I'm trying to do.
> > >
> > > I have a novell netware infrastructure, it deals with
> > > file serving, printing, and user authentication. Our
> > > machines have dynamic ip addressing and there are a
> > > lot of them. It is because of this that I need a way
> > > to control access based upon user ids. I don't
> > > necessarily need to authenticate users, but I do need
> > > to be able to ban certain users (whose parents don't
> > > want them using the internet) from using the internet.
> > >
> > >
> > > I've looked into LDAP authentication to Novell
> > > (netware 5.1 sp4) and PAM_NDS module authentication.
> > > The problems I have with these solutions are 1.) I
> > > don't want to have a prompt pop up to authenticate all
> > > users. 2.) Security concerns about possible clear text
> > > packets containing user ids and passwords.
> > >
> > > A solution I would prefer is a simple userid check.
> > > Squidguard checks the client workstation to determine
> > > the userid. Squid then checks novell to see if that
> > > id exists if it does squid checks a banned userid
> > > list, and if the id is not banned squid passes out to
> > > net. I don't know if this is possible, but any help
> > > at all would be greatly appreciated.
> > >
> > > Another solution maybe would be for me to integrate
> > > bordermanager's proxy server and set squid up as its
> > > parent. Then use bordermanager to handle user
> > > authentication, however I don't know if I can
> > > configure bordermanager to always only allow what
> > > squid will pass in. In layman's terms I don't know if
> > > that will enforce blacklist policies.
> > >
> > > Thanks for any input,
> > > Ryan Kather
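
Added example (not part of the original thread and not squidGuard's or either poster's code): a small Python reader for the per-destination log files and userlist files discussed above, which counts redirects per ident username and lists workstations whose requests carried no username from the userlist, i.e. clients that user-based source groups cannot match. The one-line record layout (fields in the order Rick lists them), "-" standing for a missing ident reply, the function names and the sample data are all assumptions of this example.

```python
import re
from collections import Counter

# Field order follows the interpretation given in the thread; the one-line
# layout and "-" for a missing ident reply are assumptions of this example.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"\[(?P<pid>\d+)\] Request\s*\((?P<src>[^/]*)/(?P<dest>[^/]*)/(?P<third>[^)]*)\) "
    r"(?P<url>\S+) (?P<ip>[^/\s]+)/(?P<ip_extra>\S+) "
    r"(?P<ident>\S+) (?P<method>\S+)"
)

def load_userlist(text):
    """Parse a userlist: one username per line, optional ':' plus comment."""
    names = (raw.split(":", 1)[0].strip() for raw in text.splitlines())
    return {n for n in names if n}

def parse_redirect(line):
    """Return the fields of one redirect record, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines, known_users):
    """Count redirects per (ident, dest group); collect IPs with no usable ident."""
    hits, unidentified = Counter(), set()
    for line in lines:
        rec = parse_redirect(line)
        if rec is None:
            continue  # skip anything that is not a redirect record
        if rec["ident"] == "-" or rec["ident"] not in known_users:
            unidentified.add(rec["ip"])
        else:
            hits[(rec["ident"], rec["dest"])] += 1
    return hits, sorted(unidentified)

# Constructed sample data (not taken from a real log or user database).
SAMPLE_USERLIST = "root\nadministrator\nfoo:lab account\nbar\nrick\n"
SAMPLE_LOG = [
    "2002-05-06 23:13:40 [24056] Request(ab_users/porn/-) http://nasty-nasty.com 192.168.44.3/- rick GET",
    "2002-05-06 23:14:02 [24056] Request(ab_users/porn/-) http://nasty-nasty.com/a 192.168.44.3/- rick GET",
    "2002-05-06 23:15:10 [24057] Request(default/porn/-) http://nasty-nasty.com 192.168.44.9/- - GET",
    "2002-05-06 23:15:11 [24057] (constructed non-request line)",
]

if __name__ == "__main__":
    hits, unidentified = summarize(SAMPLE_LOG, load_userlist(SAMPLE_USERLIST))
    for (user, dest), n in hits.most_common():
        print(f"{user:15} {dest:10} {n}")
    print("no usable ident from:", ", ".join(unidentified))
```

The username in each record is whatever the workstation's ident server reported, so the list of addresses with no usable ident shows which machines still need an ident server before username rules apply to them.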
