Squid/Dansguardian - Active directory authentication with prompt for credentials
 

Hello All,

Sorry this is another thread about authenticating against Active Directory, but having googled and searched the forums here on linux questions, I couldn't find the answers to my scenario.

I would like to be able to get squid or dansguardian to authenticate a user account against active directory so that a users browsing activities can be logged.

I can find lots a very useful info on how to set up ntlm_auth etc, but all of these methods produce a pop up window when the user launches the browser.

I'm posting this thread because I would like to be able to authenicate, but without a pop up window. Is there a way of automatically carrying out this authentication so that the user is unaware of it.

We've previously attempted authenticating against an NT4 PDC, but the users worked out that they could use any user account on the network, not just the user that was logged in which kinda defeated the whole idea of logging the users activity.

My current setup is:

Windows 2003 AD
Windows XP Clients, soon to be converted to windows 7.
Fedora 11 running squid and dansguardian.


Can anyone offer advice or point me in the direction of a web article that may help me solve the above scenario??

Many thanks.

Pete

You need to disable basic + digest auth(these are the popup type authentications) and only allow people in via ntlm auth. And you need to use IE for that to work.


I haven't tried it but here's another one that does similar things...

http://ntlmaps.sourceforge.net/

Can you configure them to authenticate against OpenLDAP? OpenLDAP and Active Directory both use the ldap protocol for searching their directories.

This is normal I think. I have seen Windows machines using IE ask for a username and password against Microsoft's proxy server. The only option I have seen people use is to save the password.