Welcome, Guest. Please login or register.
Did you miss your activation email?
Thursday 31 October 2024, 08:26:11 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14248 Posts in 4376 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Squid Proxy authentication based ldap group!
0 Members and 4 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Squid Proxy authentication based ldap group!  (Read 16798 times)
zibra
Jr. Member
*
Offline Offline

Posts: 4


« on: Tuesday 07 September 2010, 02:31:17 am »

Hi community,
I'd like to authenticate users for accessing Internet via Endian Proxy based group (Using OpenLDAP). I'm using EFW 2.4. I can query groups in my LDAP server from Endian but I can't control accessing Internet by group on LDAP. This is ldif file for a group on my LDAP Server.

dn: cn=Internet,ou=Group,dc=domain,dc=com
userPassword: {crypt}x
objectClass: top
objectClass: posixGroup
cn: Internet
gidNumber: 501
memberUid: user01
memberUid: user02

I've created Access Policy to accessing Internet based group but it didn't effect. At present, Anyone who can authenticate to LDAP server, they can access to Internet. I only want users which belong to Internet group, can access to Internet.

Please give any recommendations.

Many thanks for your regards,
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #1 on: Tuesday 07 September 2010, 06:52:33 am »

Check HTTP Proxy Mode. you must set it as non-transparent
Clients are configured to use non transparent proxy?
If yes, delete any http rule on Outgoing firewall.

Endian has two Proxy modes:
-Non-Transparent: You need to reconfigure all your clients to use the HTTP proxy (by default on port 8080). The HTTP proxy doesn't manage the port 80 (HTTP port), it is managed by the Outgoing firewall. So if you have any rule that permits traffic via TCP 80, users can browse via port 80, unrestricted and without proxy.
-Transparent: Endian intercepts HTTP traffic on port 80, so you don't need to reconfigure the client's browser to use proxy. The HTTP proxy manages the port 80 (HTTP port), overriding any rule on the Outgoing firewall.
Logged
zibra
Jr. Member
*
Offline Offline

Posts: 4


« Reply #2 on: Wednesday 08 September 2010, 01:09:20 am »

Hi mrkroket,
Thanks for your information.
I'm using Non-transparent Proxy Mode. I've authenticated user to my proxy via openldap. Each time, users want to access to Internet, they must login ldap username/password to authenticate with ldap server. After authenticated, they can access to Internet. These are operating very well. However, I want to restrict accessing to Internet which based ldap group. Only users which belong to ldap group can authenticate and access to Internet, Users which not belong to ldap group, they can't authenticate and access to Internet.

Many thanks,
Logged
zibra
Jr. Member
*
Offline Offline

Posts: 4


« Reply #3 on: Wednesday 06 October 2010, 06:15:30 am »

Any ideal? Huh
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #4 on: Wednesday 06 October 2010, 06:21:01 am »

I'm sorry I only used Active Directory, which is pretty straightforward. Just add users to a group and use that group on a rule.

Do you have your LDAP groups on Endian? Can you assign a group on a rule?
Logged
zibra
Jr. Member
*
Offline Offline

Posts: 4


« Reply #5 on: Wednesday 06 October 2010, 03:17:26 pm »

Yes, I can do that. I can see the ldap groups in Endian and assign the group to rule. But the users not belong to Internet group still can authenticate and access to Internet.

Thanks for your regarding,
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com