Awesome! Thanks for the general direction pointing. =)
One more question before I dive into researching LDAP. I have seen it
mentioned in other posts here, but what exactly are the nightly
snapshots? Is it a development release or something? I didn't really
see anything about it when I was going through the documentation I could
find on it, and figure I might as well inquire about it.
Thanks again for getting me pointed in the right direction!
Regards,
Scott Wrosch
desk 248.333.7700 x227
email swrosch@marketingassociates.com
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Monday, February 24, 2003 4:04 PM
> To: Scott Wrosch
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Restricting Authenticated Users
>
> Piece of cake ;-)
>
> If your domain is an AD domain then I would recommend ditching msntauth
> and go for LDAP instead, or if you prefer using Windows NT domain
> technology to use winbind integration via Samba (see the Squid FAQ for
> details).
>
> Squid-2.5 has well evolved support for group based acl controls using
> various types of backend user databases such as Windows NT Domain, LDAP
> (including MSAD and most more/less standard LDAP directories) and many
> others with simple scripting.
>
>
> For instructions on how to set up Samba/winbind for Squid see the Squid
> FAQ.
>
> For instructions on how to set up LDAP authentication see the LDAP
> authentication and group tools shipped with current Squid-2.5 nightly
> snapshots (what will become 2.5.STABLE2 in a not too distant future).
> There are also several posts in the squid-users archives for the last few
> months discussing the same topic.
>
>
> If using LDAP then I strongly recommend experimenting a little with
> ldapsearch to get familiar with the LDAP structure of MS AD before looking
> into the details of how to configure the Squid LDAP authentication/group
> integration. The Squid LDAP tools are generic LDAP tools and some of the
> parameters to these can only be understood if there is some
> understanding of the MS ActiveDirectory LDAP structure.
>
> Regards
> Henrik
>
>
> Scott Wrosch wrote:
>
> > What we have is a proxy that is set up to authenticate to the Windows
> > 2000 domain using msntauth. That works fabulously.
> >
> > My original plan was to set it up so that the domains that
> > the customer service people need access to, they could get to it
> > unrestricted. Then, they would have to be authenticated in order to
> > access anything beyond that. And, using msntauth, they wouldn't be
> > allowed to.
> >
> > However, I have had a monkey wrench thrown into those plans, which would
> > have been simple and worked well. What now needs to be done is each
> > user needs to be put into specific groups. Those specific groups then
> > have varying access needs to specific sites. This could then entail
> > multiple users being in multiple groups. It's a huge monkey wrench
> > because we have 30+ customer service people, most of them would be
> > required to be in different groups.
> >
> > Now, with that being said, I know ACLs would definitely be involved.
> > But, what I'm wondering is if there is any simple way to do this. I
> > live by KISS (Keep It Simple, Stupid), and to me, things just got
> > extraordinarily un-simple. So, I'm looking for any hints, tips,
> > suggestions, advice, etc etc etc...
> >
> > This isn't something that I'm particularly thrilled about, but I don't
> > make the decisions. I've been going through the squid.conf file trying
> > to figure out possible ways of doing this, but nothing is just coming
> > out, slapping me in the face, and saying this is the way to do it!
> >
> > Thanks in advance for any assistance anyone can offer!
> >
> > Regards,
> >
> > Scott Wrosch
> > desk 248.333.7700 x227
> > email swrosch@marketingassociates.com
> >
> > "Our greatest glory is not in never falling
> > but in rising every time we fall." -- Confucius
Received on Tue Feb 25 2003 - 06:31:31 MST
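
Added example, not part of the original thread and not code shipped with Squid: the reply above mentions group-based ACLs backed by "simple scripting", so this is a small external ACL helper in Python that answers group-membership queries and denies anything it cannot parse. The user/group table, helper path and ACL names are constructed, and the request format (URL-escaped login followed by group names, one request per line, `OK`/`ERR` replies) is an assumption to check against the `external_acl_type` documentation for your Squid version.

```python
#!/usr/bin/env python3
"""Group-membership helper for a Squid external ACL (added example)."""
# squid.conf sketch (helper path, ACL names and domain are hypothetical):
#   external_acl_type cs_group %LOGIN /usr/local/bin/cs_group_helper.py
#   acl billing_staff external cs_group cs-billing
#   acl billing_sites dstdomain .billing.example.com
#   http_access allow billing_staff billing_sites
#   http_access deny all
import sys
from urllib.parse import unquote

# Constructed sample data: user -> groups. A real deployment would load
# this from a file or a directory service instead of hard-coding it.
USER_GROUPS = {
    "alice": {"cs-billing", "cs-shipping"},
    "bob": {"cs-shipping"},
}


def check_line(line, user_groups=USER_GROUPS):
    """Return "OK" if the user is in any listed group, else "ERR".

    Assumed request format: "<login> <group> [<group> ...]" with
    URL-escaped fields. Malformed requests are denied (fail closed).
    """
    fields = [unquote(f) for f in line.split()]
    if len(fields) < 2:
        return "ERR"
    login, wanted = fields[0], set(fields[1:])
    # Drop an optional DOMAIN\ prefix and compare case-insensitively.
    user = login.rsplit("\\", 1)[-1].lower()
    return "OK" if user_groups.get(user, set()) & wanted else "ERR"


def main():
    # One answer per request line; flush so Squid is not left waiting.
    for line in sys.stdin:
        sys.stdout.write(check_line(line) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```
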