[squid-users] RE: RE : [squid-users] Transparent proxy, authenticacion,differentscenarios

From: Evelio <[email protected]>
Date: Wed, 20 Nov 2002 14:09:34 +0100

Thanks to both for the information.
Francois you anwser the question I had in mind before I write it.

First I will have to fix an sporadic problem with DHCP and netlogon.
From time to time I have the message of "... There is no domain server to
validate the password..."
and after ipconfig /renew_all on W98 and restart session everything works ok
but that's another story.

I will try this option first, if I have any problem perhaps I could use the
"force" option.

Thanks again

------------
Evelio Mart�nez

> -----Mensaje original-----
> De: Francois Liot [mailto:fliot@kyriba.com]
> Enviado el: mi�rcoles, 20 de noviembre de 2002 10:16
> Para: Henrik Nordstrom; Evelio
> CC: Squid Users
> Asunto: RE : [squid-users] Transparent proxy,
> authenticacion,differentscenarios
>
>
> Using logon script, you can reach your purpose transparently.
>
> The logon script adds correct registry keys to support proxy
> config (example)
> Using Regdmp.exe (to manipulate Registry DB from command
> script - you can find it everywhere)
> Regdmp.exe
> "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Inter
> net Settings\ProxyServer
> "http=toto:8080;ftp=toto:3128;socks=toto:3128;https=toto:3128"
>
>
> Then you are not any more in transparent proxy mode, and you can
> use NTLM automated authentication.
>
> -----Message d'origine-----
> De�: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Envoy�: mardi 19 novembre 2002 22:06
> ��: Evelio
> Cc�: Squid Users
> Objet�: RE: [squid-users] Transparent proxy,
> authenticacion,differentscenarios
>
> tis 2002-11-19 klockan 21.27 skrev Evelio:
>
> > > > 1) A transparent proxy is not possible, isn�t it?
> > >
> > > No. The browser must be configured to use a proxy for
> authentication to
> > > be possible.
> >
> > Is there any way to force the user to change the browser config ?
> > Is there any way to do it "automatically"?
>
>
> Semi-automatical: WPAD, if the browser has WPAD enabled. WPAD can set
> the proxy configuration via DHCP or DNS.
>
> Automatical: Via a domain logon script if your users are Windows users
> logging on to your domain.
>
>
> Forced: Firewall port 80, deny your users direct access. This can also
> display a web page explaining to the user that they need to configure
> the proxy settings in the browser and how (just use the same methods as
> for transparent interception, but instead of sending the traffic to
> Squid, send it to a web server).
>
> > ok, I have change "manually" by browser conf. and now I have the
> > authentication window, but
> > need to use the /usr/bin/ncsa_auth program.
> >
> > Do I have to upgrade to Squid 2.5 from sources or can i find it
> in an rpm?
>
> Most RPMs include ncsa_auth, but you should probably spend some minutes
> and decide if NCSA auth is really what you want, or if you prefer to
> integrate with a existing user directory such as LDAP / NT Domain /
> Radius / NDS/ ....
>
> For Squid-2.5 ncsa_auth is in libexec/. With a standard RPM install this
> should be /usr/libexec/squid/
>
> Regards
> Henrik
Received on Thu Nov 21 2002 - 10:37:55 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:30 MST