[squid-users] Re: integrating squid/linux with windows 2003 domain controller and active directory

From: Adam Aube <aaube01@dont-contact.us>
Date: Wed, 08 Sep 2004 21:49:21 -0400

narancs wrote:

> 1. internet proxy for a company is a suse 9.0 linux dist with
> squid-2.5.STABLE3-110
> 2. proxy authentication is required
> 3. usernames/password should be taken from the company's windows' active
> directory

Either LDAP or Winbind can do this.

> 4. there are three groups of users: three different acls are required:
> - average joe user can only view some sites based on a list
> - leaders can view anything, but only http and https
> - sysadmins can ftp, too
> 5. group membership should also be taken from windows

Both LDAP and Winbind have group helpers that can do this.

> 6. pre-windows2000 protocols are not enabled because of security policy
> and requirements, maybe this is the reason why msnt_auth doesn't seem to
> work. On a DC that enables NT4's protocols, msnt_auth works.

The Winbind helpers with Samba are preferred over msnt_auth, and should work
with all versions of Windows.

> 7. both ldap_auth authenticators I couldn't get working, although I have
> seen the ldap tree scheme, maybe I was wrong understanding it.

With AD you need to use a search filter. There is an AD example in the LDAP
helper's man page that should get you started.

You can also search the mailing list archives and look at the authentication
FAQ:

http://www.squid-cache.org/Doc/FAQ/FAQ-23.html

Adam
Received on Wed Sep 08 2004 - 19:49:05 MDT
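
The setup discussed in this thread, as an added squid.conf example that is not part of the original message: Winbind authentication through Samba's ntlm_auth, group lookup through the wbinfo_group.pl helper, and the three access tiers from point 4. The helper paths, the AD group names (ProxyUsers, ProxyLeaders, ProxySysadmins) and the site-list file are assumptions to adapt to the local install.

```conf
# Added example, not from the original post. Paths and group names are assumptions.

# --- Authentication against AD via Samba/Winbind (no msnt_auth needed) ---
# The proxy host must already be joined to the domain and winbindd running.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Company proxy
auth_param basic credentialsttl 2 hours

# --- Group membership taken from Windows through Winbind ---
external_acl_type ad_group ttl=300 %LOGIN /usr/lib/squid/wbinfo_group.pl

acl authenticated proxy_auth REQUIRED
acl staff     external ad_group ProxyUsers       # hypothetical AD group
acl leaders   external ad_group ProxyLeaders     # hypothetical AD group
acl sysadmins external ad_group ProxySysadmins   # hypothetical AD group

# One permitted domain per line, e.g. ".example.com" (hypothetical file)
acl allowed_sites dstdomain "/etc/squid/allowed_sites.txt"

acl ftp       proto FTP
acl CONNECT   method CONNECT
acl SSL_ports port 443

# --- Policy: first matching http_access line wins ---
# Nobody gets through without valid domain credentials.
http_access deny !authenticated
# HTTPS tunnels only to port 443, for every group.
http_access deny CONNECT !SSL_ports
# FTP is reserved for sysadmins.
http_access deny ftp !sysadmins
# Sysadmins and leaders: any destination (FTP already filtered above).
http_access allow sysadmins
http_access allow leaders
# Everyone else in the user group: listed sites only.
http_access allow staff allowed_sites
# Authenticated accounts in none of the groups fall through to here.
http_access deny all
```

Running "wbinfo -g" on the proxy host should list the AD groups before the group ACLs are relied on; if it does not, the group helper cannot resolve memberships and every group ACL fails closed into the final deny.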
