Server :: Squid/Dansguardian - Active Directory Authentication With Prompt For Credentials
Oct 5, 2010
I would like to be able to get squid or dansguardian to authenticate a user account against active directory so that a users browsing activities can be logged.
I can find lots a very useful info on how to set up ntlm_auth etc, but all of these methods produce a pop up window when the user launches the browser.
I'm posting this thread because I would like to be able to authenicate, but without a pop up window. Is there a way of automatically carrying out this authentication so that the user is unaware of it.
We've previously attempted authenticating against an NT4 PDC, but the users worked out that they could use any user account on the network, not just the user that was logged in which kinda defeated the whole idea of logging the users activity.
My current setup is:
Windows 2003 AD
Windows XP Clients, soon to be converted to windows 7.
Fedora 11 running squid and dansguardian.
I have configured squid with AD. It is working fine. Now I want to use dansguardian with squid for web filtering on group bases, what should I do. What configuration i have to do in squid for dansguardian and all my users in AD also authenticate with dansguardian and also how I use dansguardian.
I have a squid server currently running with basic authentication. This is a must because we constantly have different people using different machines but the rules must be set per user, not per machine.
We also have a lot of users coming and going. So every time a new user comes to the office I have to manually create a user for him so he can authenticate.
Anyway.. We do not have any windows servers so no Active Directory. But I need some solution to pass the windows login to Squid.
First question: It seems I am using NTLM currently for samba as the person can map their home directories on their windows box withuot authenticating. Why can I not use it for squid?
Second question: Can I make my Centos server into an AD server?
I'm fairly new to Linux and very new to Squid and am having authentication issues! I am using Oracle Enterprise Linux (which is basically Red Hat without the branding) and wanting to use Squid Proxy Server for web access with authentication to Active Directory. I've found a number of articles about this online and all of them say to use auth program squid_ldap_conf which should be in /usr/lib/squid/. I don't have a squid directory in /usr/lib for starters and my squid binaries are in /etc/squid but there is no squid_ldap_conf in there either. I have installed the latest version of Squid (3.0) to see if that helped but I still cannot find the authorisation program.
I've got this current configuration : 1 squid server authenticating with 1 forest abc.com, then another company wants to joint but in different forest efg.com, I've already configured trust relationshipt between them.
How should I configured at squid.conf so it will authenticate both domain ?
At squid.conf I've already configured like the following below for abc.com :
Is it enough to adding a new line for auth_param basic program for efg.com ?
I've been working on building an LTSP server for diskless booting. I have a tftp server that's booting the system. I followed the steps on [URL] .... to build the LTSP server.
I had to make one change from the guide. I have a cisco router that's acting as the DHCP, I'm not very familiar with Cisco IOS so instead of playing with that, I decided to modify the default file on the PXE.
I commented the kernel append line and added the following instead
I'm mounting the nfs as a rw file system for now. I'm planning to make it read only once I have it working the way I want. In addition to this, I also chroot into the LTSP root and installed lightdm + mate. As I understood what I read, this would boot the environment on the diskless system. All of this seem to work correctly.
What I need to do next is to find a way to setup the LTSP clients to log in by authenticating on the active directory. I understand that the login account used by the LTSP client has to exist on the LTSP server.
I have successfully added the LTSP server as a worksation within the windows domain and I can log into domain accounts from the LTSP server but domain credentials do not work when using an LTSP client, I can only log in if I use an account that exists on the LTSP server. I wanted to know if there is a way to accomplish AD authentication.
Do I have to build an LDAP server on the LTSP server, sync accounts with the Active Directory to be able to log in with AD credentials?
I've been pulling my hair out and can't figure out what's wrong. I have dhcp, squid, and dansguardian all running on my server, but when I point a client to it for a proxy (192.168.1.15:8080) and try to get to a website, nothing happens and the connection times out. When I don't bother with the proxy, the client has no trouble getting to the internet. I've verified I can ping the server and gateway from both machines. And the services are running, no errors noted in the logs. Do I need to do any iptables or selinux changes?
My network is very basic, several clients on the same network as the server, connected to a verizon gateway. Local addresses are 192.168.1.x. The server is 192.168.1.15, gateway is 192.168.1.1.
I have around 9 squid proxy servers and going to deploy Dansguardian on all of them. But I feel managing individual copy/server would be an tedious job hence please let me know if any one aware of centralized management solution for Squid+Dansguardian? Or if not let me know if you are aware of any such other Open Source product.
I have squid running perfectly and I added MySQL Squid Access Report 2.1.4 and the reports works just fine. The problem its when I add a dansguardian content filter, from that moment the only IP address that appears on the report its the box itself (I have all running on the same box).
IPtables forward requests to port 8080 Dansguardian listening on port 8080 forwards to squid on port 3128 Squid on port 3128 to internet (Here I review the logs with MySar).
I know it is because the actual http request for Squid came from Dansguardian's IP address (its the job of the proxy). how to have the real IP address on the reports.
I've been trying to find a single set of instructions that define how to configure Fedora 12 to authenticate using Active directory without 100 steps (plus or minus) but difficult at best. I have about 12 Fedora 12 servers running as stand alone servers in a Windows 2003 network.
Can someone point me to a great set of instructions that can easily be replicated across multiple servers and a few workstations?
I'm actually a software developer, develop exclusively on Linux, and do know how to go about taking care of a Linux distro, so don't start telling me that 'sudo' isn't a sushi roll...
Question... I want to implement an Active Directory like authentication in a Linux-only environment. My office has approximately 15-25 local desktop PCs all running Ubuntu 10+ and one Ftp & SVN server running Ubuntu 10+.
Each developer has his/her own personal local account on his PC, and the shared PCs have different, local accounts for those developers. The FTP server has ONE (!!) account that everybody uses to access it, as does SVN.
The big picture is that I would like to install & configure a VPN server for remote developers. Before doing that, I'd like to find a way to unify the users across the network so that there exists only one UserX in the network.
I want to install a FTP server (VSFTPD) on my Redhat Enterprise Linux 5.5 and i want to use Active Directory LDAP (windows server 2008 enterprise) for authentication. I can't add my windows LDAP to FTP server. I try my best but i cant to config it.
I have an old Apache version (1.3.11) and an old Redhat release (2.1.12-20 - Cartman)and need to authenticate a Windows 2003 domain. The authentication to an NT domain already works as expected (see below) but unfortunately I am unable to find the correct LDAP module for V1.3.11 to allow authentication.
From what I have read the LDAP module needs to be compiled with Apache but I am really not sure. Unfortunately I am unable to upgrade to Apache2 when I could presumibly use the authnz_ldap_module but if someone could point me to the correct LDAP module for 1.3.11 it .
Ive installed openldap-1.2.9-6 and openldap-devel-1.2.9-6 but don't particulary want to go down configuring LDAP when hopefully I can simply add the LDAP module to Apache which was not compiled in Apache initially.
Also, do I need to specifiy the AD domain password in the directives or can the Windows lads just create any account I can use.
My company have an Active Directory to authenticate the user. Now we're implementing a web page in a linux webserver using PHP but one new request is to authenticate the user against AD. The problem is that we need to use SSL or another way to make secure the authentication. We don't know if using openldap and php can do this in a easy way.
I've configured kerberos authentication on my centos 5.2 box. When I kinit with a username in AD and not on the centos box, I get a TGT. However, I cannot log into the centos box as any of the AD users. This is probably a stupid question but do I also need to create the account's on the centos box that I have in AD? If so, does that mean i can then use pam to authenticate users on my cyrus imap process running on the centos box?
Has anyone had success in getting likewise open or another tool to allow domain users to log in with wireless networking? I have an issue where GDM comes up, users attempts to log in and gets authentication error. After a few minutes it works. Centrify has the same issue.
I've tried removing network-manager and using /etc/network/interfaces to set up networking, which helps, but there's a 1-3 minute delay before a user may log in for the first time after a reboot. My theory is gdm gets loaded before networking is up. There's got to be a work around for this. Even having gdm just hanging for a minute while it waits for networking would be acceptable.
I'm having a problem with squidguard filter with AD authentication. I have downloaded the latest stable source package from squidguard site and I followed the instructions for the ldap(AD) authentication but it does not work at all.I have googled and tried everything but no luck. (first 30 hits on google) Anyway this is the LDAP auth part: http://www.squidguard.org/Doc/authentication.html at squidguard and this is how to build the package.
I have just installed the 32bit and 64bit versions of CentOS 5.5 and was wondering how I can add these machines to Active Directory for authentication. I've done this in the past with CentOS 5.4 using the GUI and everything worked just fine but now need to do everything from the command line.
Since yesterday I'm fighting with OpenVPN on Ubuntu 10.04TLS and I can not cope with the authorization of users from Windows 2008 AD server. It looks like this: Published 93.159.XX.XX IP address the router and all traffic directed to the internal LAN IP 10.0.1.210. Customers who will combine the different platforms are Mac OS, Linux, Windows XP, 7, Vista. The whole domain is for Windows 2008. Uploader authLDAP module, but I still can not connect, that is, not after entering the username and password from the W2K8 domain does not log