Good morning all
We have an old version of squid installed on one of our servers and we are looking to replace this with a new filtering system (hopefully the latest version of squid) but just had a few questions to establish whether the new version of squid will be able to accomadate our requirements.
As we have 2 separate networks for apple and windows we have a slight issue with the apple clients connecting to the internet. At the moment With old squid we have issues with the Apple Macs authenticating with Squid, it was very slow and would prompt the user every time they would go to any site to enter their username and password. This was when we trialled out having the Apple Macs on the AD network. We had some big issues and decided that we put the Macs on their own network, directly connected to the apple server and all user authentication is done on there. How would you go about linking the user's apple Mac network creditionals with squid? this will be separate to the windows logon. At the moment with the Macs we have to bypass the proxy and go to a proxy which is given to us by our local LEA which is an issue because it means any local site blocking we do internally is not blocked on the Macs as it bypass the squid filter.
Is there a way where squid can know that there is a windows network and apple network and authenticate two different directory accounts?
Will the latest version of squid be able to differenciate between different AD groups. One issue that we have with internet is that if we block a website it blocks it for all domain users and there are certain websites that we want to block for students but not for staff. Is there a way this can be separated?
Any advice or alternatives people can advise would be most appreciated...
Unless your macs are kerberized into your Windows domain, you'll more than likely be prompted for credentials, added the fact depending on MAC OS, ntlm_auth is known to be broken within the operating system, so even single signon setups fail to work, you'll be prompted for credentials all the time.
Same with Sarafi for Windows, won't bypass single signon, as at present NTLM is broken.
If you don't want to authenticate MAC pc's you could always great a passthrough ACL for that network and allow full access.
Make sure you backup your squid.conf file, as a newer version will more than likely overwrite, and some features may not be available, its always handy when restarting the new squid to start it rebuilding any cache you have available.
Dansguardian for filtering as well, its a learning curve, but it does what it does, smoothwall have incorporated it into their commercial product.
Client > Dansguardian > Squid > Internet (Squid on local, so even with macs on passthrough, they still get filtered)
There are currently 1 users browsing this thread. (0 members and 1 guests)