+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
How do you do....it? Thread, Pass through authentication with Dansguardian based webfiltr in Technical; I am a bit wary of having a logon box appear when people access the Internet. I don't want 'my' ...
  1. #1

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Pass through authentication with Dansguardian based webfiltr

    I am a bit wary of having a logon box appear when people access the Internet. I don't want 'my' users to make a mental connection between domain credentials and Internet Explorer. Don't want to make life too easy for the phishermen.

    Now OWA seems to have passthrough authentication for access in a domain session. Can the same thing be implekmted for Censornet/Dansguardian web filter?

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Pass through authentication with Dansguardian based webf

    Well its not anything to do with Dansguardian. Its squid you need to configure to do this. 1000 mile overview as follows:

    1. Get Samba + Winbind working on the domain correctly as a domain member.

    2. Add the following to your squid.conf:

    Code:
    auth_param ntlm program /usr/lib/squid/wb_ntlmauth
    auth_param ntlm children 5
    auth_param ntlm max_challenge_reuses 0
    auth_param ntlm max_challenge_lifetime 2 minutes
    auth_param ntlm use_ntlm_negotiate off
    
    acl Authenticated proxy_auth REQUIRED
    http_access deny !Authenticated
    If censornet does funky things with the squid.conf, tread with care. There's plenty of help on google if you search for 'Squid NTLM Auth'.

    The only other gotcha is if you use Firefox/Mozzila. The proxy server needs to be listed in the ntlm whitelist in the prefs for transparent auth to work.
    Code:
    network.automatic-ntlm-auth.allow-proxies - true
    network.automatic-ntlm-auth.trusted-uris - http://mydomainname
    network.negotiate-auth.delegation-uris - http://mydomainname
    network.negotiate-auth.trusted-uris - http://mydomainname
    Where "mydomainname" is your AD's dns domain name.

  3. #3
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106

    Re: Pass through authentication with Dansguardian based webf

    I doubt your going to be able to mod Censornet as I suspect someone would have done it by now. More than likely something will break. Setting up on a vanilla system is straight forward.
    Censornet uses template files for most of the configuration files so you need to edit them else you will loose all your changes on a reboot.
    I followed many guides to get it working on a vanilla system but this one was the best.

  4. #4

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Pass through authentication with Dansguardian based webfiltr

    Thanks guys.

    Lots to ponder.

  5. #5
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,958
    Thank Post
    248
    Thanked 49 Times in 45 Posts
    Blog Entries
    2
    Rep Power
    46

    Re: Pass through authentication with Dansguardian based webfiltr

    V4 of Censornet [should be in beta now] is slated to have automatic authentication.

  6. #6

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Pass through authentication with Dansguardian based webfiltr

    In the free edition too?

  7. #7
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,958
    Thank Post
    248
    Thanked 49 Times in 45 Posts
    Blog Entries
    2
    Rep Power
    46

    Re: Pass through authentication with Dansguardian based webfiltr

    As far as I know, yes.

  8. #8
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106

    Re: Pass through authentication with Dansguardian based webf

    Theres no news on a public beta yet but they are currently developing it. You can show your interest on the site though to be a beta tester later on.

  9. #9

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,401
    Thank Post
    637
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    319

    Re: Pass through authentication with Dansguardian based webfiltr

    IPCop with AdvProxy+URLFilter addons will do transparent auth, but no group/user filtering.

  10. #10

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Pass through authentication with Dansguardian based webfiltr

    I'd roll my own custom box from <insert favorite distro> personally. It's more flexible in the long run.

  11. #11

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Pass through authentication with Dansguardian based webfiltr

    I haven't got that Scout badge yet

  12. #12

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Pass through authentication with Dansguardian based webf

    Then it's time you did. Stick Debian on some spare hardware. Help and assistance is avalible in the Linux forum if you require it.

  13. #13

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Pass through authentication with Dansguardian based webfiltr

    Yes master Jedi

    /me curtsies

  14. #14
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,999
    Thank Post
    120
    Thanked 280 Times in 258 Posts
    Rep Power
    106

    Re: Pass through authentication with Dansguardian based webf

    Debian is my distro of choice.... Anyway must go fire alarm is going off

  15. #15

    Join Date
    Feb 2006
    Posts
    1,187
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Re: Pass through authentication with Dansguardian based webfiltr

    Hmmm do Microsoft provide your fire alarms?

    No perish the thought!!!

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 10
    Last Post: 11th May 2010, 10:13 AM
  2. PASS Use
    By dave.81 in forum MIS Systems
    Replies: 2
    Last Post: 18th October 2007, 07:56 AM
  3. Pass the Kleenex - Im still crying..
    By m25man in forum Other Stuff
    Replies: 2
    Last Post: 24th July 2007, 11:40 PM
  4. Anyone use PASS 4 Windows?
    By dave.81 in forum MIS Systems
    Replies: 2
    Last Post: 29th March 2007, 12:16 PM
  5. PHP based Helpdesk with IMAP or POP3 authentication?
    By wesleyw in forum How do you do....it?
    Replies: 5
    Last Post: 18th October 2006, 01:08 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •