"Manoj Rajkarnikar" <manoj.rajkarnikar@xxxxxxxxx> wrote in message
news:AANLkTimRPZFwid0ehc0cBFchnDc7nV=-jStXTngMmXZp@xxxxxxxxxxxxxxxxx
Thanks for the quick response Marcus.
The reason I need to limit computer account and not user account is
that people here move out to distant branches and the internet access
policy is to allow to the position they hold, and thus the computer
they will use.
I've successfully set up the Kerberos authentication but I don't see
how squid will fetch the computer information from client request and
authorize it based on the group membership in AD. What I wish to
accomplish is:
1. create a security group in AD
2. add computer accounts to this security group
3. squid checks if the computer trying to access internet is member of
this security group.
4. if not, don't allow access to internet or request of AD user login
that is allowed.
I'm not sure if this is achievable.
I don't think this is possible with Kerberos as the ticket does not have
(usable) information about the client computer.
Thanks for the help.
Manoj
On Wed, Sep 15, 2010 at 12:28 AM, Markus Moeller
<huaraz@xxxxxxxxxxxxxxxx> wrote:
"Manoj Rajkarnikar" <manoj.rajkarnikar@xxxxxxxxx> wrote in message
news:AANLkTinGXTOwX+AysRVGoasEiqRS1qrMX2VYM8t5i3Aj@xxxxxxxxxxxxxxxxx
Hi all.
I've been trying to set up this squid box with authentication to AD
2003 server. The need in our situation is to allow the workstation
access to internet and not the user since the users are always
moving from station to station. I've already set up Kerberos
authentication successfully. I've searched through the list for
anything related to authorizing computer account but found none.
Why do you want to limit the computer, not the user? I assume the users
log in to the stations with their credentials, so moving stations should
not be an issue, or?
I'm not very familiar with LDAP queries. Any help would be greatly
appreciated. I'm trying to use squid_kerb_ldap for LDAP
authorization...
squid_kerb_ldap will connect to AD and determine if a user is a member of
an AD group. The connection to AD is authenticated using the Kerberos key
from the squid keytab file and the AD server is found by using SRV DNS
records which are usually defined in a Windows environment with AD.
Thank you very much for your help.
Regards
Manoj
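
For reference, the user-based group check that squid_kerb_ldap performs, as described in the reply above, can be wired into squid.conf along these lines. This is an added example, not configuration posted in the thread; the realm EXAMPLE.COM, the host proxy.example.com, the group InternetUsers, the ACL names and the helper and keytab paths are assumed placeholders.

```conf
# Added example: realm, host, group, ACL names and paths are placeholders.
# Both helpers read the keytab named by KRB5_KTNAME in Squid's environment,
# e.g. KRB5_KTNAME=/etc/squid/HTTP.keytab exported by the Squid startup script.

# Kerberos (Negotiate) authentication of the user making the request.
auth_param negotiate program /usr/lib/squid/squid_kerb_auth -s HTTP/proxy.example.com@EXAMPLE.COM
auth_param negotiate children 10
auth_param negotiate keep_alive on

# Group authorization: the helper is passed the authenticated user name
# (%LOGIN), connects to AD using the keytab credentials, and finds the AD
# server through SRV DNS records.
external_acl_type kerb_group ttl=3600 negative_ttl=3600 %LOGIN /usr/lib/squid/squid_kerb_ldap -g InternetUsers@EXAMPLE.COM

acl authenticated proxy_auth REQUIRED
acl internet_group external kerb_group

# Reject unauthenticated requests, allow group members, deny everyone else.
http_access deny !authenticated
http_access allow internet_group
http_access deny all
```

The helper is handed only the user name taken from the Kerberos authentication, so the group test applies to user accounts, in line with the reply's point that the ticket carries no usable information about the client computer.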