Re: [squid-users] Active Directory computer login restrictions stops Squid authentication for these users

From: Serassio Guido <guido.serassio@dont-contact.us>
Date: Fri, 26 Aug 2005 17:27:20 +0200

Hi,

At 13.53 26/08/2005, D & E Radel wrote:

>Hi there
>
>Squid is authenticating with no problems with our domain via LDAP.
>
>I wish to use the built-in Active Directory account option to
>restrict which computers a user on our domain can log into (i.e.
>instead of being able to log into 'all computers', just their own).
>If I enable this setting, these users no longer access the www
>through the Squid proxy. Obviously there is an option to add other
>computer names to the list of computers that a user can log into
>(e.g. our squid box).
>
>Our Squid runs on Linux and has not been made a member computer of
>our domain as we are not using winbind or samba. I am not sure how
>to get our Squid box to register its IP in the DNS server on our
>Domain Controller. I manually added a record in the DNS, but only
>the full computer name (including domain name suffix) resolves.
>There is not enough space to type the whole name in, under the
>Active Directory options.
>
>So I am wondering if figuring out whether investigating any of these
>will allow me to still authenticate the users in squid as well as
>restricting their ability to log into various local pcs. Or whether
>it's a waste of time. I am not sure on the specifics of how Squid
>exactly interacts with AD and whether or not this is possible.
>
>The easiest solution is not to restrict what computers our users can
>log into. But, I'd like to figure out if it's possible to restrict
>them and still have squid authenticate them.
>
>Any tips or ideas greatly appreciated. Many thanks in advance. :-)

Try adding to the allowed list the LDAP server (= Domain Controller)
used from the LDAP helper for authentication.

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Fri Aug 26 2005 - 09:27:31 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:02 MDT