LinuxQuestions.org


Ammad 06-14-2007 05:39 AM

squid user authentication
 
I have a Linux server as a transparent proxy, and all clients are configured for DHCP; using SARG I am getting reports of visited users. In the reports I am unable to know which client visited a site (IP addresses are assigned by DHCP).

Due to this problem I want to authenticate each user, so in the reports I will get usernames.

Is it possible to authenticate using Active Directory in transparent mode? Or else, is there another solution?

acid_kewpie 06-14-2007 05:54 AM

No, that's not possible if you wish to do it transparently. The point of transparent proxying is to influence something unbeknownst to the end user and the end user software. If that client receives an authentication prompt from a proxy which it doesn't know anything about, it's hardly going to ask the user for credentials... There are ways to require a preliminary login screen before access is permitted, but that's per use and never going to be very good. Best advice I'd say is to look to drop the transparent side, which has a lot more drawbacks than you'd originally think.

Ammad 06-14-2007 01:30 PM

Thanks, but in the reports I want at least the username or computer name from which a site is being visited, so that I have proof. Since it's an office environment, the (office) policy doesn't want to block any site, but it has been defined "not to visit any porn site."

Why transparent?
Because some users (including the CEO) use laptops (Mac OS X); they don't allow proxy settings to be set, because they use the laptops at home and don't want to change settings.

Any other solution?

acid_kewpie 06-14-2007 01:39 PM

OK, well still, ditch the transparency. Instead use a proxy.pac / wpad.dat proxy configuration file, potentially assigned via DHCP. This way when someone connects to the network the DHCP data provided (DHCP option 252) tells them which proxy to use. When they connect elsewhere, that information isn't provided and they don't use a proxy. That's how to do things properly. Then you have the full power of proxy authentication if you're after usernames. Now if it's just hostnames you want, then if you have decent DNS in line with your DHCP server, this can be achieved by using the log_fqdn option in the squid.conf file.
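
A minimal wpad.dat / proxy.pac of the kind the reply above describes, to be served at the URL handed out in DHCP option 252. This is an added example, not part of the original thread; the proxy host, port 3128 and the `.example.internal` zone are assumed placeholders.

```javascript
// wpad.dat / proxy.pac (added example; names and port below are assumptions)
var PROXY = "PROXY proxy.example.internal:3128"; // assumed Squid listener
var INTERNAL_SUFFIX = ".example.internal";       // assumed internal DNS zone

// True for dotted-quad literals in loopback or RFC 1918 space.
// Pure string check: no DNS lookup, so it cannot stall the browser.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = +m[1], b = +m[2];
  if (a > 255 || b > 255 || +m[3] > 255 || +m[4] > 255) return false;
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// True for plain hostnames ("intranet") and names inside the internal zone.
// The suffix includes the leading dot, so "evilexample.internal" and
// "example.internal.attacker.test" do not match.
function isInternalName(host) {
  if (host.indexOf(".") === -1) return true;
  var tail = host.length - INTERNAL_SUFFIX.length;
  return tail >= 0 && host.indexOf(INTERNAL_SUFFIX, tail) === tail;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (isInternalName(host) || isPrivateIPv4(host)) return "DIRECT";
  // No "; DIRECT" fallback: if the proxy is unreachable, requests fail
  // rather than silently bypassing authentication and the access log.
  return PROXY;
}
```

Because the file is only offered by the office DHCP server, a laptop on another network never fetches it and connects directly, while on the office network every external request reaches Squid, where proxy authentication can put a username in the log.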

Ammad 06-14-2007 01:48 PM

Thanks for your quick response, I will try it.


All times are GMT -5.