[wellylug] Authenticated squid
Peter Lambrechtsen
plambrechtsen at gmail.com
Wed Apr 1 15:58:40 NZDT 2009
On Wed, Apr 1, 2009 at 12:45 PM, Xav Paice <xpaice at oss.co.nz> wrote:
> Anyone seen/installed/used a squid proxy authenticating against eDirectory?
> I'd be keen to hear your experiences.
eDirectory makes no difference, I have personally know one large govt
department use an ident service running on each windows workstation to
let Squid query against the workstation to see who is the logged on
user.
IMHO if it's eDirectory and thus a Novell shop they should use
BorderManager as its client integration is just seamless, and the
auditing of URLs connected up with something like Ingot is just
awesome. But since this is the LUG I will shut up ;)
> Also looking for reporting from the logs and possibly some auto updating url
> filter.....
>
> Any suggestions appreciated!
Squid + Windows Ident client would be the way to go, unless you want
users to login each time into eDirectory, which is also easy since
it's just another LDAP server. Need to setup a proxy account with
read access to the whole tree to login with, but after that it should
be straight forward for LDAP Auth, not a fan of it myself as it tends
to annoy users having to login each time they start their browser.
Hence why the Ident / Bordermanager + Client Trust is the superior
solution.
My 2 cents worth ;)
Peter
More information about the wellylug
mailing list