Joseph L. Casale
2008-Jun-05 22:02 UTC
[CentOS] Web proxy/content filter w/ AD integration
I need to setup a proxy that does transparent auth to AD, does anyone have experience or suggestions for a setup that will run in CentOS? I came across an article on integrating Squid with Windows AD for auth but it doesn't auth transparently (is that even possible?). Thanks! jlc
On Thu, 2008-06-05 at 16:02 -0600, Joseph L. Casale wrote:> I need to setup a proxy that does transparent auth to AD, does anyone > have experience or suggestions for a setup that will run in CentOS? I came > across an article on integrating Squid with Windows AD for auth but it > doesn't auth transparently (is that even possible?). >I remember seeing something about Dans' Guardian (http://dansguardian.org/) supporting transparent authentication. Paul> Thanks! > jlc > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
Filipe Brandenburger
2008-Jun-06 03:00 UTC
[CentOS] Web proxy/content filter w/ AD integration
On Thu, Jun 5, 2008 at 6:02 PM, Joseph L. Casale <JCasale at activenetwerx.com> wrote:> I need to setup a proxy that does transparent auth to AD, does anyone > have experience or suggestions for a setup that will run in CentOS? I came > across an article on integrating Squid with Windows AD for auth but it > doesn't auth transparently (is that even possible?).Have a look at NTLM for authentication: http://www.google.ca/search?q=squid+ntlm http://www.google.ca/search?q=squid+ntlm+howto I'm almost sure that Squid supports it. HTH, Filipe
Joseph L. Casale wrote:> I need to setup a proxy that does transparent auth to AD, does anyone > have experience or suggestions for a setup that will run in CentOS? I came > across an article on integrating Squid with Windows AD for auth but it > doesn't auth transparently (is that even possible?). >Yes it is and i've configured it several times . You have to use samba/winbind for that. It does it transparently in the way that for M$ Internet Explorer it will never ask a username/password , but it will for everything else. I've even wrote a 'small-and-quick-and-dirty' tutorial when i deployed it on CentOS 4.x ... (please note that it has surely to be updated .. ;-) ) : http://www.arrfab.net/?topic=tutorials&id=squid -- - Fabian Arrotin <fabian.arrotin at arrfab.net> "Internet network currently down, TCP/IP packets delivered now by UPS/Fedex ..."