Hi,
At 13.53 26/08/2005, D & E Radel wrote:
Hi there
Squid is authenticating with no problems with our domain via LDAP.
I wish to use the built-in Active Directory account option to
restrict which computers a user on our domain can log into (i.e.
instead of being able to log into 'all computers', just their own).
If I enable this setting, these users no longer access the www
through the Squid proxy. Obviously there is an option to add other
computer names to the list of computers that a user can log into
(e.g. our squid box).
Our Squid runs on Linux and has not been made a member computer of
our domain as we are not using winbind or samba. I am not sure how
to get our Squid box to register its IP in the DNS server on our
Domain Controller. I manually added a record in the DNS, but only
the full computer name (including domain name suffix) resolves.
There is not enough space to type the whole name in, under the
Active Directory options.
So I am wondering if figuring out whether investigating any of these
will allow me to still authenticate the users in squid as well as
restricting their ability to log into various local pcs. Or whether
it's a waste of time. I am not sure on the specifics of how Squid
exactly interacts with AD and whether or not this is possible.
The easiest solution is not to restrict what computers our users can
log into. But, I'd like to figure out if it's possible to restrict
them and still have squid authenticate them.
Any tips or ideas greatly appreciated. Many thanks in advance. :-)
Try adding to the allowed list the LDAP server (= Domain Controller)
used from the LDAP helper for authentication.
Regards
Guido
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@xxxxxxxxxxxxxxxxx
WWW: http://www.acmeconsulting.it/
