EFW Support
Topic: Squid Proxy authentication based ldap group! (Read 16810 times)

zibra (Jr. Member, Posts: 4) on Tuesday 07 September 2010, 02:31:17 am
Hi community,
I'd like to authenticate users for Internet access via the Endian proxy based on group (using OpenLDAP). I'm using EFW 2.4. I can query the groups on my LDAP server from Endian, but I can't control Internet access by LDAP group. This is the LDIF file for a group on my LDAP server.
dn: cn=Internet,ou=Group,dc=domain,dc=com
userPassword: {crypt}x
objectClass: top
objectClass: posixGroup
cn: Internet
gidNumber: 501
memberUid: user01
memberUid: user02
I've created an Access Policy for accessing the Internet based on group, but it had no effect. At present, anyone who can authenticate to the LDAP server can access the Internet. I only want users who belong to the Internet group to be able to access the Internet.
Please give any recommendations.
Many thanks for your regards,
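
The distinction this thread turns on, as an added example (not code from Endian, Squid or the posters): a successful LDAP bind only authenticates the user, while membership in a posixGroup like the one posted above is a separate lookup that matches the bare login name against memberUid. The function names and the sample user user03 are hypothetical; the entry is copied from the post with the userPassword line left out.

```python
import re

# Group entry copied from the post above (userPassword line left out).
GROUP_LDIF = """\
dn: cn=Internet,ou=Group,dc=domain,dc=com
objectClass: top
objectClass: posixGroup
cn: Internet
gidNumber: 501
memberUid: user01
memberUid: user02
"""

def parse_ldif_entry(text):
    """Parse one simple LDIF entry (no base64, no line folding) into {attr: [values]}."""
    entry = {}
    for line in text.splitlines():
        attr, sep, value = line.partition(": ")
        if sep and not line.startswith("#"):
            entry.setdefault(attr.lower(), []).append(value)
    return entry

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot change the meaning of the filter."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def group_filter(group, user):
    """Search filter for a posixGroup, which lists members as bare uids, not DNs."""
    return "(&(objectClass=posixGroup)(cn=%s)(memberUid=%s))" % (
        escape_filter_value(group), escape_filter_value(user))

def is_member(entry, group, user):
    """Same three conditions as group_filter(), using exact string comparison."""
    return ("posixGroup" in entry.get("objectclass", [])
            and group in entry.get("cn", [])
            and user in entry.get("memberuid", []))

def access_decision(entry, group, user, bind_ok):
    """Authentication (bind_ok) and authorization (group membership) are separate checks."""
    if not bind_ok:
        return "deny: bad credentials"
    if not is_member(entry, group, user):
        return "deny: authenticated but not in group " + group
    return "allow"

if __name__ == "__main__":
    entry = parse_ldif_entry(GROUP_LDIF)
    for user in ("user01", "user03"):  # user03: hypothetical, valid password, not in group
        print(user, "->", access_decision(entry, "Internet", user, bind_ok=True))
```
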

mrkroket (Hero Member, Posts: 495), Reply #1 on Tuesday 07 September 2010, 06:52:33 am
Check the HTTP Proxy Mode. You must set it as non-transparent.
Are the clients configured to use the non-transparent proxy?
If yes, delete any http rule on Outgoing firewall.
Endian has two Proxy modes:
-Non-Transparent: You need to reconfigure all your clients to use the HTTP proxy (by default on port 8080). The HTTP proxy doesn't manage the port 80 (HTTP port), it is managed by the Outgoing firewall. So if you have any rule that permits traffic via TCP 80, users can browse via port 80, unrestricted and without proxy.
-Transparent: Endian intercepts HTTP traffic on port 80, so you don't need to reconfigure the client's browser to use proxy. The HTTP proxy manages the port 80 (HTTP port), overriding any rule on the Outgoing firewall.

zibra (Jr. Member, Posts: 4), Reply #2 on Wednesday 08 September 2010, 01:09:20 am
Hi mrkroket,
Thanks for your information.
I'm using Non-transparent Proxy Mode. I've authenticated users to my proxy via OpenLDAP. Each time users want to access the Internet, they must log in with their LDAP username/password to authenticate with the LDAP server. After authenticating, they can access the Internet. This is working very well. However, I want to restrict Internet access based on LDAP group. Only users who belong to the LDAP group should be able to authenticate and access the Internet; users who do not belong to the LDAP group should not be able to authenticate or access the Internet.
Many thanks,

zibra (Jr. Member, Posts: 4), Reply #3 on Wednesday 06 October 2010, 06:15:30 am
Any ideas?

mrkroket (Hero Member, Posts: 495), Reply #4 on Wednesday 06 October 2010, 06:21:01 am
I'm sorry I only used Active Directory, which is pretty straightforward. Just add users to a group and use that group on a rule.
Do you have your LDAP groups on Endian? Can you assign a group on a rule?

zibra (Jr. Member, Posts: 4), Reply #5 on Wednesday 06 October 2010, 03:17:26 pm
Yes, I can do that. I can see the LDAP groups in Endian and assign the group to a rule. But users who do not belong to the Internet group can still authenticate and access the Internet.
Thanks for your regarding,