Hi All
Is it possible to get squid to use ldap to authenticate users via Novell? I want to implement a squid but I want users to enter their username and passwords without giving them a new set of usernames and passwords and confusing my minions.
Has anyone out there done this kind of implementation yet?
Regards
Thomas Wheeler
On Sep 25, Thomas Wheeler wrote:
Is it possible to get squid to use ldap to authenticate users via Novell? I want to implement a squid but I want users to enter their username and passwords without giving them a new set of usernames and passwords and confusing my minions.
Google: squid auth ldap
http://www.surf.org.uk/src/squidauth.html
Markus
--
Markus Gaugusch, markus@gaugusch.at
ASCII Ribbon Campaign Against HTML Mail
Hi All
Is it possible to get squid to use ldap to authenticate users via Novell? I want to implement a squid but I want users to enter their username and passwords without giving them a new set of usernames and passwords and confusing my minions.
Has anyone out there done this kind of implementation yet?
Regards
Thomas Wheeler
Hello Thomas,
we've got a similar configuration up and running as follows:
In a private LAN we have NT- and Win2k- Workstations with Novell-Netware-Clients, getting their IP-Addresses via DHCP.
On a Suse-7.2-Linux-Box runs Squid, which is the one and only host of the private LAN allowed to cross the Firewall with http-related requests.
A Netware-Server with LDAP installed, translates NDS-Attributes of our choice to LDAP.
According to our Policies only some of our users are allowed to surf the net.
To enable these "privileged" users, we put them into a certain NDS-group. On the squidhost every 15 Minutes runs a perlscript, which asks the LDAP Server for a list of IP-Addresses, where members of this group are currently logged in. This list is then formatted as a Client-Address-ACL for squid.
Hence users have to authenticate themselves only once to the Netware-Server and get enabled or not - independent of their current IP-Addresses - iff they are members of this privileged group.
If you are interested in details regarding LDAP-attributes, Versions, above mentioned perlscript (dirty hack!) or so, please feel free to contact me privately.
Kind regards
Dr. H. Rosner Stadtverwaltung Jena Hauptamt / Datenverarbeitung
Tel: 03641 49 2053 Fax: 03641 49 2222 eMail: ros@jena.de
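The refresh step described in the message above (directory results turned into a Squid client-address ACL), as an added Python example; it is not the Perl script mentioned in the thread. The attribute name `loginIP`, the LAN range and the sample entries are assumptions, since the thread does not give the NDS attribute details.

```python
import ipaddress, os, tempfile

# Constructed sample of LDAP search output for the privileged group.
# "loginIP" is a hypothetical attribute name, not taken from the thread.
SAMPLE_LDIF = """\
dn: cn=alice,ou=staff,o=example
loginIP: 10.1.2.17

dn: cn=bob,ou=staff,o=example
loginIP: 10.1.2.44
loginIP: 10.1.2.44

dn: cn=dave,ou=staff,o=example
loginIP: 192.0.2.9
loginIP: not-an-ip
"""
LAN = ipaddress.ip_network("10.1.2.0/24")  # assumed private LAN range

def extract_addresses(ldif_text, lan=LAN):
    """Return (sorted unique LAN addresses, rejected raw values)."""
    accepted, rejected = set(), []
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip() != "loginIP":
            continue
        try:
            addr = ipaddress.ip_address(value.strip())
        except ValueError:
            addr = None
        # Only LAN hosts may enter the ACL; a bad directory value must not widen it.
        if addr is not None and addr in lan:
            accepted.add(addr)
        else:
            rejected.append(value.strip())
    return sorted(accepted), rejected

def write_acl(addresses, path):
    """Write one host entry per line and swap the file in atomically."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.writelines(f"{a}/32\n" for a in addresses)
    os.chmod(tmp, 0o644)   # mkstemp creates 0600; the proxy user must be able to read it
    os.replace(tmp, path)  # readers see either the old or the new list, never a partial one
    return len(addresses)
```

Squid can load such a file with `acl privileged src "/etc/squid/privileged.acl"` followed by `http_access allow privileged` (the ACL name and path are placeholders). Because the ACL keys on addresses, it is only as fresh as the last run, so a DHCP address that changes hands inside the 15-minute window keeps the previous user's access until the next refresh.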
On Wednesday, 25 September 2002 22:25, Dr. Harro Rosner wrote:
Hi All
Is it possible to get squid to use ldap to authenticate users via Novell? I want to implement a squid but I want users to enter their username and passwords without giving them a new set of usernames and passwords and confusing my minions.
Has anyone out there done this kind of implementation yet?
Regards
Thomas Wheeler
Hello Thomas,
we've got a similar configuration up and running as follows:
In a private LAN we have NT- and Win2k- Workstations with Novell-Netware-Clients, getting their IP-Addresses via DHCP.
On a Suse-7.2-Linux-Box runs Squid, which is the one and only host of the private LAN allowed to cross the Firewall with http-related requests.
A Netware-Server with LDAP installed, translates NDS-Attributes of our choice to LDAP.
According to our Policies only some of our users are allowed to surf the net.
To enable these "privileged" users, we put them into a certain NDS-group. On the squidhost every 15 Minutes runs a perlscript, which asks the LDAP Server for a list of IP-Addresses, where members of this group are currently logged in. This list is then formatted as a Client-Address-ACL for squid.
Hence users have to authenticate themselves only once to the Netware-Server and get enabled or not - independent of their current IP-Addresses - iff they are members of this privileged group.
If you are interested in details regarding LDAP-attributes, Versions, above mentioned perlscript (dirty hack!) or so, please feel free to contact me privately.
Kind regards
Dr. H. Rosner Stadtverwaltung Jena Hauptamt / Datenverarbeitung
Tel: 03641 49 2053 Fax: 03641 49 2222 eMail: ros@jena.de
* Thomas Wheeler wrote on Wed, Sep 25, 2002 at 09:06 +0200:
Has anyone out there done this kind of implementation yet?
If you want to avoid cleartext passwords also, squid-IP_AUTH may be a point to start:
http://sws.dett.de/squid-IP_AUTH.shtml
oki,
Steffen
--
This letter was generated automatically and therefore bears neither signature nor seal.
participants (5)
- Dr. Harro Rosner
- Markus Gaugusch
- Steffen Dettmer
- theo.grimm@t-online.de
- Thomas Wheeler