On 08/09/11 14:51, Bambang Sumitra wrote:
Hi,
i have following question regarding user authentication in squid,
let say i have this scenario
- there is user with username "bobby", he has 3 different device (
ipad, laptop and smartphone)
- bobby register the device to IT dept ( register the mac address )
- IT support register mac address to the system and told the system if
this 3 mac address is belong to user bobby, and setup an internet
policy for him
- bobby browse the internet using his device
- system detect there is connection with registered mac address, then
system do mac address look up, and find out this mac address is belong
to user bobby
- system arrange internet policy, which site category is allowed to user bobby
- bobby then surf the net with only allowe category site
So in short: side-band authorization based on MAC address instead of IP?
NOTE: this is not real authentication. Although it does produce a users
name.
my question is, can it done with squid+squidguard?
the point is how to told squid to do automatic user authentication via
mac address
Squid-3.2 is needed for this to work reliably. That version does MAC/EUI
lookups on both IPv4 and IPv6 by default for the required set of things
like logging and external_acl_type database lookups etc.
squidguard is not relevant. It operates on request URLs while they are
inside Squid. Access controls and authentication have already finished
and accepted the request by the time squidguard is contacted.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.15
Beta testers wanted for 3.2.0.11
