From owner-freebsd-isp Mon Jan 18 23:32:04 1999
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA29021 for freebsd-isp-outgoing; Mon, 18 Jan 1999 23:32:04 -0800 (PST) (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from xwin.nmhtech.com (xwin.nmhtech.com [208.138.46.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA29009 for ; Mon, 18 Jan 1999 23:32:01 -0800 (PST) (envelope-from nicole@xwin.nmhtech.com)
Received: (from nicole@localhost) by xwin.nmhtech.com (8.8.8/8.8.7) id XAA01216; Mon, 18 Jan 1999 23:31:54 -0800 (PST) (envelope-from nicole)
Message-ID:
X-Mailer: XFMail 1.2 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
MIME-Version: 1.0
In-Reply-To:
Date: Mon, 18 Jan 1999 23:31:54 -0800 (PST)
From: Nicole Harrington
To: Troy Kittrell
Subject: RE: Squid -2
Cc: freebsd-isp@FreeBSD.ORG
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id XAA29013
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 19-Jan-99 My Secret Spies Reported That Nicole Harrington wrote:
>
> On 19-Jan-99 My Secret Spies Reported That Troy Kittrell wrote:
>> I need to (ASAP, as usual) fire up a proxy server. I would prefer a
>> Un*x based solution rather than MS Proxy server, but need to plan for
>> the future. Squid seems to be the (proxy) drug of choice. That future
>> holds several hundred users that I'd much rather manage the
>> username/passwd from a centralized location (LDAP!).
>> I've gleaned the docs for Squid and can find nothing that indicates
>> that users can be authenticated from an LDAP server. LDAP seems to be
>> the only choice I could try to use that all of our other corporate
>> services (AS/400, Notes, NT Domains, Netware) can share.
>> The purpose of the proxy server is not actually to cache and conserve
>> bandwidth, but as a means to limit access from our corporate network to
>> the internet. So far this has been accomplished quite well by a POS/486
>> running FreeBSD/ipfw/natd. I'm tired of adding rules to rc.firewall
>> plus NT Domains w/DHCP doesn't actually limit people. All they have to
>> do is go to a machine that gets an (ipfw) allowed address from DHCP and
>> they're on.
>>
>> Hints? Clues? Experiences?
>>
>
>
> Why would you want to use LDAP?
> Usually you filter by IP address range.
> Seems odd having to enter a password to browse the web.
>
> Just my .02c
>
> Nicole
>

Actually.. This is what comes from not reading a post fully. >:<

Being of more sound mind..

http://squid.nlanr.net/Squid/FAQ/FAQ-10.html

States:

10.2 How do I block specific users or groups from accessing my cache?

Proxy Authentication

Another option is to use proxy-authentication.

1. Recompile squid with -DUSE_PROXY_AUTH=1. Uncomment USE_PROXY_AUTH in
   src/Makefile.

        make clean
        vi src/Makefile
        make
        make install

2. Configure proxy authentication in squid.conf.

        proxy_auth /usr/local/squid/etc/passwd

   passwd is an apache-style file of passwords for authenticated proxy
   access. Looks like username:password, with the password being standard
   crypt() format.

3. Create the passwd file and give the passwords to your users. You can
   use apache's htpasswd program to generate and maintain the passwd file.
   The usernames in the passwd file do not need to correspond to system
   user names. You may give many people the same username and password
   combination to access your cache.

There that's better...

Nicole

      |\ __ /|   (`\
      | o_o  |__  ) )
     //      \\
nicole@nmhtech.com           |  http://www.webweaver.net/
webmistress@dangermouse.org  |  http://www.dangermouse.org
-------------------------(((---(((-----------------------
-         Powered by Coka Cola and FreeBSD              -
-    Strong enough for a man - But made for a Woman     -
-        I'm not ADD - I'm just MultiThreaded           -
-      Microsoft: What bug would you like today?        -
----------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
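
An added example, not part of the original message or the Squid FAQ: a small audit of the Apache-style passwd file the FAQ describes, flagging entries that are malformed, duplicated, share an identical hash, or use traditional DES crypt(), which uses only the first 8 characters of a password. The sample entries, finding names and function names are constructed for illustration.

```python
import re

# Traditional DES crypt(): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
# (A 13-character plaintext from this alphabet would match too; treat as a hint.)
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Schemes worth replacing: DES crypt truncates passwords to 8 characters,
# and htpasswd's {SHA} format is an unsalted SHA-1 digest.
WEAK = {"des-crypt", "sha1-unsalted"}

def classify(field):
    """Name the hash scheme of one password field, or None if unrecognised."""
    if DES_CRYPT.match(field):
        return "des-crypt"
    if field.startswith("$apr1$"):
        return "apr1-md5"
    if field.startswith(("$2a$", "$2b$", "$2y$")):
        return "bcrypt"
    if field.startswith("{SHA}"):
        return "sha1-unsalted"
    return None

def audit(text):
    """Return (line_number, finding) pairs for a username:password file."""
    findings, users, hashes = [], set(), set()
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        user, sep, pw = line.partition(":")
        if not sep or not user:
            findings.append((n, "malformed"))
            continue
        if user in users:
            findings.append((n, "duplicate-user"))
        users.add(user)
        scheme = classify(pw)
        if not pw:
            findings.append((n, "empty-password"))
        elif scheme is None:
            findings.append((n, "unrecognised-hash"))  # possibly plaintext
        else:
            if scheme in WEAK:
                findings.append((n, "weak-scheme:" + scheme))
            if pw in hashes:
                findings.append((n, "hash-reused"))  # entry copied between users
            hashes.add(pw)
    return findings

# Constructed sample file contents; the hash strings are placeholders, not real hashes.
SAMPLE = ("alice:ab0123456789A\nbob:$apr1$saltsalt$0123456789abcdefghijk.\n"
          "carol:ab0123456789A\nalice:cdEXAMPLEhash\ndave:\neve:hunter2\nno-colon-line\n")

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```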