I am a bit wary of having a logon box appear when people access the Internet. I don't want 'my' users to make a mental connection between domain credentials and Internet Explorer. Don't want to make life too easy for the phishermen.
Now OWA seems to have passthrough authentication for access in a domain session. Can the same thing be implekmted for Censornet/Dansguardian web filter?
Well its not anything to do with Dansguardian. Its squid you need to configure to do this. 1000 mile overview as follows:
1. Get Samba + Winbind working on the domain correctly as a domain member.
2. Add the following to your squid.conf:
If censornet does funky things with the squid.conf, tread with care. There's plenty of help on google if you search for 'Squid NTLM Auth'.Code:auth_param ntlm program /usr/lib/squid/wb_ntlmauth auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm use_ntlm_negotiate off acl Authenticated proxy_auth REQUIRED http_access deny !Authenticated
The only other gotcha is if you use Firefox/Mozzila. The proxy server needs to be listed in the ntlm whitelist in the prefs for transparent auth to work.
Where "mydomainname" is your AD's dns domain name.Code:network.automatic-ntlm-auth.allow-proxies - true network.automatic-ntlm-auth.trusted-uris - http://mydomainname network.negotiate-auth.delegation-uris - http://mydomainname network.negotiate-auth.trusted-uris - http://mydomainname
I doubt your going to be able to mod Censornet as I suspect someone would have done it by now. More than likely something will break. Setting up on a vanilla system is straight forward.
Censornet uses template files for most of the configuration files so you need to edit them else you will loose all your changes on a reboot.
I followed many guides to get it working on a vanilla system but this one was the best.
Thanks guys.
Lots to ponder.
V4 of Censornet [should be in beta now] is slated to have automatic authentication.
In the free edition too?
As far as I know, yes.
Theres no news on a public beta yet but they are currently developing it. You can show your interest on the site though to be a beta tester later on.
IPCop with AdvProxy+URLFilter addons will do transparent auth, but no group/user filtering.
I'd roll my own custom box from <insert favorite distro> personally. It's more flexible in the long run.
I haven't got that Scout badge yet
Then it's time you did. Stick Debian on some spare hardware. Help and assistance is avalible in the Linux forum if you require it.
Yes master Jedi
/me curtsies
Debian is my distro of choice.... Anyway must go fire alarm is going off
Hmmm do Microsoft provide your fire alarms?
No perish the thought!!!
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote