1st, please ask questions on the newsgroup if possible so more people will
benefit from our exchange. Also if I tell you something wrong someone else
will surely correct it!
As far as I know, no method of authentication works with transparent mode.
Reasons vary, but a common one is that in trasparent mode, the
authentication request is made to seem to come from the remote server,
instead of the server running squid. This means that the authentication
reply is returned to the remote server, which means that the squid server
never receives it.
The closest thing to transparent mode with authentication that I know of is:
1. Configure squid to NOT use transparent mode.
2. Configure squid to require an ident reply in order to allow access.
This is done
using the ident acl and http_access allow commands.
3. Make sure every client user computer runs an identd program.
4. Set the client computer browser to "Automatically detect settings" for
the proxy
5. Put a wpad CNAME in your DNS server and wpad.dat on the web server
squidguard runs on.
6. Now you can use the "user" directive in squidguard.
7. Set up your iptables or ipchains rules to force users to use your
proxy.
This is not really transparent because it means that you have to run an
ident program on every client, and the browser settings also must be set.
But it does work for people with laptops without them having to change their
settings between when they are on your network and when they are on some
other network, like at home.
I have tried the smbauth authentication method as well (see
http://www.hacom.nl/~richard/software/smb_auth.html for details). For this
to work you need to have an NT/2000 server or else run Samba on the Linux
server. Then when the user tries to access the Web, squid will prompt the
use for her name and password. The prompting seems to be needed by all other
authentication schemes except for ident.
-----Original Message-----
From: Annamaria Labarbuta [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 15, 2002 7:05 AM
To: [EMAIL PROTECTED]
Subject: help about transparent proxy with user authentication
hello!
I read
http://www.maynidea.com/squidguard/ident.html
because I'm searching for an authentication method that works in
transparent mode using
iptables rules +squid +squidguard (in squidGuard.conf I need a "user"
option)
You said that "some methods will prompt for an additional
username/password".
Which methods?
Can you give me any advice?
Thank you,
Annamaria Labarbuta
Universit� degli Studi di Bari.
