Search squid archive

Re: Windows auto-login helper application?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dale Mahalko wrote:
I need some help with setting up a fairly secure, easy to use method
of authenticating users of Windows XP with squid, that:

 * doesn't require the users to remember a name and password to use
the proxy, and does an auto-login so I can identify the user in the
proxy access logs

 * uses password encryption to prevent sniffing of passwords on the network

It does not look like NTLM authentication will work because apparently
that requires Windows to be joined to a domain before Windows will use
that method. None of the computers are in a domain, and they can't be
since this is a Novell network.

For the life o' me, I cannot figure out how to get the LDAP-auth to
connect to do a Novell eDir/NDS LDAP user lookup. Most searched
discussions regarding this are incomplete, usually ending with someone
saying "Oh I figured it out myself" and they never post what they did.
I know our LDAP server works since I can login to it using a generic
LDAP browser.


At this point I would be happy with sticking a small program in each
user's Windows roaming profile account that loads when they login and
does the authentication for them, whenever they try to use the proxy.

There is apparently no formal name for doing this sort of user-login
though so I can't search for examples of anyone doing it since I don't
know what to call it. Maybe: "Windows helper application squid
authentication"?

,

Actually this is how Novell's aging BorderManager proxy does it, using
a program called the Client Trust that sits in the taskbar and talks
to the proxy to authorize the user. It interfaces with the Novell
client to get the user's credentials.

I am not expecting or looking for anything this extravagant that also
can talk to the Novell Client. I would be fine with a
taskbar/background helper that just uses a simple hashed config file
in the user's account to authenticate them with squid.

(BorderManager is being retired by Novell next year and so I can't
expect or rely on the Client Trust authenticator to continue to be
available. And besides it is made only for BorderManager, and doesn't
work with other proxies like squid..)

,

Dale Mahalko

We have a generic LDAP how-to which may or may not be useful to you...
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ldap


Recent squid releases bundle an eDirectory helper for doing secure encrypted digest authentication. That auth method is also growing in its support from browsers etc.

Hopefully someone with a bit more experience in these auth methods will speak up. This should give you a place to start seraching anyway. Good luck.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE19
  Current Beta Squid 3.1.0.13

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux