Search squid archive

Re: [squid-users] How to obtain auth mask by ie if the domain user haven't correct rights?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

At 23.35 28/03/2005, eupec@xxxxxxxxxxx wrote:


Hi,
I would make the following authentication scheme with squid, if possible :)


My scenario: Windows 2000 Server (that acts as AD domain controller) + SquidNT 2.5.STABLE9 installed on it; domain clients are w98, w2k, wxp with IE 6 SP1. There's a group in AD called "internet", and the members of this group have rights to surf the web.

If a user is member of "internet" group, he logs in the domain and can browse the net -this is very simple to do with win32_check_group.exe helper and appropriate acl, I made it and works fine. If an user, member of domain users and not included in "internet" group logs into domain, naturally he can't surf (he isn't member of "internet" group); I would, in this case, that a login mask is presented by the browser, because can happen that someone have the right username/password (=is member of "internet" group) and permit the surf to this limited user, without have to log-off and log-in the domain again with different credentials. Essentially squid have to do a new membership check for new account nested in the first -that grants the domain membership but not the faculty to surf the web.


ISA server have this kind of behavior, and if could re-create with squit it would be pretty nice.

I know the ISA Server behaviour.

What you asking for, is trigger again an authentication request to the browser when the user authentication is correct, but an external acl, or any other acl, deny the access to Squid.

Some network administrators don't like this because allow the change of user credentials even using NTLM transparent authentication schema.

You can open a feature request on Bugzilla.

Regards

Guido



-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1           10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135  Fax. : +39.011.9781115
Email: guido.serassio@xxxxxxxxxxxxxxxxx
WWW: http://www.acmeconsulting.it/


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux