On 17/10/17 22:39, Rafael Akchurin wrote:
Hello everyone,
I would like to get your opinions on the subject.
*Problem*: admin needs to manage squid acls (and icap web filter
settings) using security groups from Active Directory. For non-technical
reasons, setup of explicit proxy settings and thus enforcing proxy
authentication on Squid is not possible.
*Solution*:
1. Deploy some agent on domain controller that would periodically
enumerate workstation IPs and get currently logged on users by WMI or
something like this. This is fine and already working in our project at
https://github.com/diladele/active-directory-inspector
2. Let Squid somehow use the remote running inspector to match the IP
address to user names (and expose the user name to ICAP eventually). Maybe
anyone knows the type of helper/acl/annotation that needs to be
running/configured on the Squid box?
That kind of authorization is the purpose of the session and LDAP
external ACL helpers. Though AFAIK neither of them uses the AD interface
(YMMV if the Perl DB module can use AD as an SQL-like database).
You might also be able to use the Basic auth LDAP helper from
Squid-3.4+ as an external ACL helper. It will require some fiddling of
the LDAP parameters and the ACL input format to make the external ACL
input into the Basic-auth lookup.
Amos
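
The external ACL helper approach discussed in this thread, as an added example that is not part of the original messages and is not code from Squid or the active-directory-inspector project: a helper that receives the client IP (`%SRC`) from Squid and answers with a user name. The inspector query is replaced by a constructed in-memory table; `lookup`, `SAMPLE_SESSIONS`, `MAX_AGE`, the helper path and the ACL names are assumptions.

```python
#!/usr/bin/env python3
# Squid external ACL helper: map a client IP (%SRC) to a user name.
# squid.conf wiring (helper path and ACL names are assumptions):
#   external_acl_type ip2user ttl=60 %SRC /usr/local/bin/ip2user.py
#   acl known_user external ip2user
import ipaddress
import sys
import time
from urllib.parse import quote

MAX_AGE = 900  # seconds; assumed cut-off for stale logon records
START = time.time()
# Constructed sample data standing in for the inspector's answer:
# ip -> (user, unix time the logon was last observed).
SAMPLE_SESSIONS = {
    "192.0.2.10": ("alice", START),
    "192.0.2.11": ("bob smith", START - 3600),
}

def lookup(ip, sessions, now):
    """Hypothetical lookup; replace with a query to the remote inspector."""
    rec = sessions.get(ip)
    if rec is None or now - rec[1] > MAX_AGE:
        return None  # unknown or stale: do not attribute traffic to a user
    return rec[0]

def answer(line, sessions, now):
    """Turn one request line from Squid into one reply line."""
    parts = line.split()
    # With concurrency=N Squid prefixes each request with a channel ID.
    chan = parts.pop(0) + " " if len(parts) == 2 and parts[0].isdigit() else ""
    if len(parts) != 1:
        return chan + "BH message=bad-request"
    try:
        ip = str(ipaddress.ip_address(parts[0]))
    except ValueError:
        return chan + "BH message=bad-address"
    user = lookup(ip, sessions, now)
    if user is None:
        return chan + "ERR"
    # URL-escape the value so spaces cannot split the key=value pair.
    return chan + "OK user=" + quote(user, safe="")

def main():
    for line in sys.stdin:
        print(answer(line, SAMPLE_SESSIONS, time.time()), flush=True)

if __name__ == "__main__":
    main()
```

An IP-to-user table only records who was last seen on a workstation, so the age check and a short `ttl=` keep a stale logon from being credited with another user's traffic.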