[squid-users] NTLM Windows Authentication + group account + poor bandwidth + nasty fw rules = disaster

From: Albretch Mueller <lbrtchx@dont-contact.us>
Date: Sun, 4 Nov 2007 12:29:33 -0500

~
 Hi,
~
 I inherited two computer labs in a school (adult ed) with 28 desktops
running Windows XP SP2 which are part of the same network
~
 All 28 computers use the same group account to login and authenticate
via NTLM to a proxy server
~
 Now, the company offering us Internet access is a relatively large
corporation trying to venture into the grant-based business and doesn't
have experience running schools
~
 My network is fenced by pretty nasty firewall rules which appear to
apply to the actual workers of the company (not only YouTube and
MySpace are obviously blocked for employees, but also sites such as
web-based email ones and craigslist.org)
~
 My supervisor told me to do whatever I could "without messing with
things" (which we don't own) so that students/teachers could use the
lab
~
 I was basically thinking of:
~
 1) making all computers use one of the computers as a proxy
~
 2) this computer (1) would have squid installed and would carry out
its NTLM proxy negotiation with the proxy facing the Internet
~
 Should I use squid for win32 or Linux? I think squid for win32 should
be better because it could be using win32 NTLM from the OS itself, but
I don't really know
~
 What other issues should I consider?
~
 FW rules I am dealing with don't even the kind of syndicated content
driven by AJAX requests (apparently because they don't send much of
the Headers?), so if teachers took the time to put their lessons on
the web, say at Yahoo's GeoCities, then students cannot access it
(?!)
~
 Can I play with squid caching rules so that I make sure that content
is local before teachers get to the lab?
~
 Any tips, links or white papers with insights into these kinds of setups?
~
 The kind of info I have found online seems a bit spotty to me and I
don't have much time to mess around with this network. I need
step-by-step types of instructions
~
 Thanks
 lbrtchx
Received on Sun Nov 04 2007 - 10:29:36 MST
