[squid-users] integrating squid/linux with windows 2003 domain controller and active directory

From: narancs <narancs@dont-contact.us>
Date: Wed, 08 Sep 2004 10:20:59 +0200

Dear All,

We have this situation:

1. internet proxy for a company is a suse 9.0 linux dist with squid-2.5.STABLE3-110
2. proxy authentication is required
3. usernames/password should be taken from the company's windows' active directory
4. there are three groups of users: three different acls are required:
        - average joe user can only view some sites based on a list
        - leaders can view anything, but only http and https
        - sysadmins can ftp, too
5. group membership should also be taken from windows
6. pre-Windows 2000 protocols are not enabled because of security policy and
requirements; maybe this is the reason why msnt_auth doesn't seem to work. On a DC
that enables NT4's protocols, msnt_auth works.
7. I couldn't get either ldap_auth authenticator working, although I have seen the
ldap tree scheme; maybe I misunderstood it.

My question is:
- does anybody have experience and tips how to get this working?
- will ntlm_auth or msnt_auth work at all with w2k or newer when nt4's older ntlm
and lanman is disabled?
- can ldap_auth work with active directory?
- can we use group membership info somehow?
- is there any way to create a local (open)ldap replica based on the AD?
- should we use pam_auth and pam_ldap instead? or kerberos?

I couldn't find good examples on Google yet to help us get it right.

If my colleagues and I can't cope with it, we'll have to move back to MS ISA proxy,
which personally I don't really like.

thank you very much for your help people!
with regards
N.N.
Received on Wed Sep 08 2004 - 02:18:19 MDT
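A squid.conf sketch of the three-tier, AD-group-based ACL layout the post asks for, added here as an illustration and not taken from the original thread. It assumes Squid 2.5's bundled squid_ldap_auth and squid_ldap_group helpers, a hypothetical domain example.local with a dedicated read-only lookup account, and helper options and filter placeholders that must be checked against the installed helpers' own documentation.

```conf
# squid.conf fragment (Squid 2.5): accounts from AD over LDAP, three ACL tiers by AD group.
# Helper command lines are assumptions; confirm flags and placeholders with each helper's man page.

# 1. Basic auth against AD. The bind DN is an assumed read-only lookup account.
#    Basic auth sends the user's password to the proxy in cleartext, so keep
#    the proxy on the trusted LAN and use an encrypted LDAP channel to the DC.
auth_param basic program /usr/sbin/squid_ldap_auth -b "dc=example,dc=local" -D "cn=squid-lookup,cn=Users,dc=example,dc=local" -w "changeme" -f "sAMAccountName=%s" -h dc1.example.local
auth_param basic children 5
auth_param basic realm Company proxy
auth_param basic credentialsttl 2 hours

# 2. Group membership from AD via an external ACL helper. Assumed placeholders:
#    %v = user name, %a = group name; results are cached for ttl seconds.
external_acl_type ad_group ttl=300 negative_ttl=60 %LOGIN /usr/sbin/squid_ldap_group -b "dc=example,dc=local" -D "cn=squid-lookup,cn=Users,dc=example,dc=local" -w "changeme" -f "(&(objectClass=person)(sAMAccountName=%v)(memberOf=cn=%a,ou=Groups,dc=example,dc=local))" -h dc1.example.local

acl authenticated proxy_auth REQUIRED
acl sysadmins external ad_group Proxy-Sysadmins
acl leaders   external ad_group Proxy-Leaders
acl staff     external ad_group Proxy-Staff

# Site list for ordinary users, one domain per line (assumed path).
acl allowed_sites dstdomain "/etc/squid/allowed_sites.txt"
acl http_proto  proto HTTP
acl ftp_proto   proto FTP
acl CONNECT     method CONNECT
acl SSL_ports   port 443

# 3. First matching http_access line wins, so deny the unauthenticated first
#    and end with an explicit deny; nothing is allowed by accident.
http_access deny !authenticated
http_access deny CONNECT !SSL_ports
# sysadmins: http, https and ftp
http_access allow sysadmins http_proto
http_access allow sysadmins CONNECT SSL_ports
http_access allow sysadmins ftp_proto
# leaders: http and https only
http_access allow leaders http_proto
http_access allow leaders CONNECT SSL_ports
# everyone else in the staff group: the site list only, over http
http_access allow staff allowed_sites http_proto
http_access deny all
```

Group lookups are cached by the external ACL, so a membership change in AD takes up to ttl seconds to affect an already-authenticated user.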