Active Directory Authentication of Dansguardian
 

I have a user operating a Windows/Active Directory environment. He wants Browser traffic filtering/inspection. I plan to deploy Squid and Dansguardian, and will need several Dansguardian groups to get the right filter for each of about 5 employee groups. I will also need to authenticate users so they are either placed in the appropriate group for their filter permissions, or will be dropped into a default whitelist group. Pretty straightforward, except I can't find how to authenticate Dansguardian against Active Directory.

Any suggestions/howtos/comments?

Thanks Guys

there are numerous ways to do things in this area, the most simplistic is to just do LDAP auth against AD. http://www.cyberciti.biz/tips/howto-...ntication.html

Yeah, but....
 

Hi Kewpie...dragging me out of the dirt again, eh? Thanks! Couple of questions:
1) I can't find squid_ldap_auth in the /usr/lib/squid directory, but I did find ldap_auth....are they the same?
2) OK, that will authenticate my users with squid; but how does that authentication commute from Squid to Dansguardian, which is where I need it to get the various DG groups to work

D'oh! Ignore the first of the supplementary questions. If I *read* the document I would have seen that the file in question referred to OS-X...Think I had a senior moment! Second question still applies, however....

Cheers

well having already started...

I'm not too au fait with DG, but it seems it runs as a down stream proxy to squid, and the authentication is still done via squid, not with DG at all. The data is still visible to DG but just an added bonus. http://dansguardian.org/downloads/de...on.html#client this looks fairly useful to actually see the architecture.

A bit further...
 

Had a major googling session, and found this:
http://howtoforge.com/dansguardian-w...on-debian-etch which gets me 90% of the way there.

However, something is still not quite right. If I try to browse sites via Firefox 3, I get an authentication window pop up as soon as I try to browse to the first site after start up. If I enter the correct username/password, it just clears the box and re-presents it. If I cancel the box, and then re-enter the username/password when the box is re-presented, it is accepted, and the browser works fine.

If, on the other hand, I attempt to use IE (latest version), the authentication window pops up, I cannot get it to accept the username/password.

All the tests to show that AD has been correctly joined seem to work correctly.

Any ideas?