Squidguard crazyness (ACL, authentification and transparent proxy)

  • I'm just asking if this idea is good. I may be able to program it by myself.

    I have a situation where SquidGuard ACL, transparent proxy, group membership, Active Directory is in the mix.

    I wonder if it possible that when an unauthenticated user try to open a web page, he's automatically redirected to a webpage to authenticate himself.
    This authentification Web form, served by a deamon that will take care of updating the SquidGuard ACLs, in order to associate this particular user with a particular IP address. This user won't have to authenticate until his session is finished.

    I know some commercial web proxy that works in a similar way, and even one that allow the installation of a daemon directly on the Domain Controller so it can automatically inform the proxy of any IP address&user association.

    As far as I know, we can't use Active Directory groups in SquidGuard ACLs, even if we are using non-transparent proxy with AD authentication, am I right?

    In my opinion, it works well unless you have multiple users sharing the same IP address, like with terminal servers.

    I'm just asking for opinions… is it doable? useful? Or am I trying to do something too complicated for something that already exists?

    Any tips would be appreciated. If enough people like the idea, this could make a nice new package.


  • What about use Captive Portal ?

  • You mean by modifying the captive portal, or the captive portal is already able to authenticate using AD, and it's able to send user/groups to SquidGuard?

Log in to reply