Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
06-14-2007, 06:39 AM
|
#1
|
Member
Registered: Apr 2004
Distribution: redhat 9.0, fc4, redhat as 4
Posts: 522
Rep:
|
squid user authentication
having a linux server as transparent proxy, and all client are configured to dhcp; using SARG am getting reports of visited users. in reports i am unable to know which client visited to site (Ip address are assigned by dhcp).
due to this problem i want to authenticate each user, so in reports i will get usernames.
Is it possible to authenticate using Active Directory in transparent mode. or else solution.
|
|
|
06-14-2007, 06:54 AM
|
#2
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
no, that's not possible if you wish to do it transparently. the point of transparent proxying is to influence somethign unbeknownst to the end user and the end user software. if that client recieves an authentication prompt from a proxy which it doesn't know anything about, it's hardly going to ask the user for credentials... there are ways to require a preliminary login screen before access is permitted, but that's per use and never going to be very good. best advice i'd say is to look to drop the transparent side, which had a lot more drawbacks than you'd originally think.
|
|
|
06-14-2007, 02:30 PM
|
#3
|
Member
Registered: Apr 2004
Distribution: redhat 9.0, fc4, redhat as 4
Posts: 522
Original Poster
Rep:
|
thanks, but in reports i want atleast username or computer name from which site being visted. so do i have proof, since its office environment, i(office) policy doesn't want to block any site. but it has been defined that "not to visit any porn site."
why to trnasparent?
becasue some users (including CEO) use laptop (MAC os X) they dont allow to set proxy setting, becuase they use laptop at home. and dont want to change settings.
Any other solution
|
|
|
06-14-2007, 02:39 PM
|
#4
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417
|
ok, well still, ditch the transparency. instead use a proxy.pac / wpad.dat proxy configuration file, potentially assigned via dhcp. this way when someone connects to the network the dhcp data provided (dhcp option 252) tells them which proxy to use. when they connect elsewhere, that information isn't provided and they don't use a proxy. that's how to do things properly. then you have the full power of proxy authentication if you're after usernames. now if it's just hostnames you want, then if you have decent dns in line with your dhcp server. this can be achieved by using the log_fqdn option in the squid.conf file.
|
|
|
06-14-2007, 02:48 PM
|
#5
|
Member
Registered: Apr 2004
Distribution: redhat 9.0, fc4, redhat as 4
Posts: 522
Original Poster
Rep:
|
thanks for your quick response, i will try it
|
|
|
All times are GMT -5. The time now is 10:39 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|