Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 27 December 2024, 09:32:34 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Development
| |-+  Contribute Your Customisations & Modifications
| | |-+  Transparent Edirectory Authentication
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Transparent Edirectory Authentication  (Read 54019 times)
martman22
Full Member
***
Offline Offline

Posts: 27


« on: Thursday 09 December 2010, 06:20:17 am »

Hi,

Here are some instructions for setting up transparent edirectory authentication with Endian 2.4. It seems to work well and content filtering and the other options are still selectable and function. I was not able to get LDAP ssl working for this, but since the transparent check does not need passwords it may not be needed. Also since I am not a perl or cgi programmer by trade I did not enable multiple edirectory groups. If you are a programmer and can make those few changes for selecting groups it would be appreciated.

It would be great if the endian team would consider adding this authentication type as a standard feature in a future release.

Note:  This add-on allows users logged into an edirectory server to access the http proxy without a login prompt.

!!Update:   Updated instructions for secure authentication and also tips on redundancy for auth and proxy server using dns.
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #1 on: Friday 10 December 2010, 03:01:02 am »

Very very interesting, thanks. żIs there some setup to do the same with Active Directory?
Logged
martman22
Full Member
***
Offline Offline

Posts: 27


« Reply #2 on: Friday 10 December 2010, 05:33:04 am »

Looks like you already have that in NTLM AD authentication.
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #3 on: Tuesday 14 December 2010, 04:30:01 am »

It's not the same. I've been testing with non-transparent proxy, and it's more problematic than transparent one.
Although it correctly filter out https, I have problems with some programs and some services.

Logged
martman22
Full Member
***
Offline Offline

Posts: 27


« Reply #4 on: Tuesday 14 December 2010, 12:26:15 pm »

I hope we are not confusing transparent proxy with transparent authentication where a user does not need to login per say. This will only work with a non-transparent proxy as far as I know. This add-on feature is the latter. Sorry for the confusion.
Logged
martman22
Full Member
***
Offline Offline

Posts: 27


« Reply #5 on: Tuesday 22 February 2011, 12:15:00 am »

A  quick modifications.
Corrected the squid template file to fix a problem with the antivirus not linking with the transparent proxy. I also shortened the fall back authentication to a single line in squid conf.
Logged
martman22
Full Member
***
Offline Offline

Posts: 27


« Reply #6 on: Saturday 21 May 2011, 12:41:26 am »

This mod should also work with version 2.4.1 - follow the directions with the following exception: make the script change to proxypolicy.cgi instead of proxyconfig.cgi.
Logged
whoiam55
Full Member
***
Offline Offline

Posts: 71



WWW
« Reply #7 on: Thursday 23 June 2011, 01:05:51 am »

Nice one, thanks you very much
Logged

सत्यमेव जयते!
martman22
Full Member
***
Offline Offline

Posts: 27


« Reply #8 on: Friday 02 September 2011, 04:55:54 am »

FYI. 
For eDir=> 8.8 on Linux Suse server change the following line in squid_edir_iplookup.pl :

$netaddress="1\#";

to

$netaddress=sprintf("9\#%c%c",0,0);

Logged
martman22
Full Member
***
Offline Offline

Posts: 27


« Reply #9 on: Saturday 12 November 2011, 06:22:36 am »

Here is an update to the squid helper app that will work with both types of edirectory servers. Change the name of this script to the same as in your squid.conf before using. And of course modify it with your correct edirectory parameters.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.094 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com