Squidguard crazyness (ACL, authentification and transparent proxy)
-
I'm just asking if this idea is good. I may be able to program it by myself.
I have a situation where SquidGuard ACL, transparent proxy, group membership, Active Directory is in the mix.
I wonder if it possible that when an unauthenticated user try to open a web page, he's automatically redirected to a webpage to authenticate himself.
This authentification Web form, served by a deamon that will take care of updating the SquidGuard ACLs, in order to associate this particular user with a particular IP address. This user won't have to authenticate until his session is finished.I know some commercial web proxy that works in a similar way, and even one that allow the installation of a daemon directly on the Domain Controller so it can automatically inform the proxy of any IP address&user association.
As far as I know, we can't use Active Directory groups in SquidGuard ACLs, even if we are using non-transparent proxy with AD authentication, am I right?
In my opinion, it works well unless you have multiple users sharing the same IP address, like with terminal servers.
I'm just asking for opinions… is it doable? useful? Or am I trying to do something too complicated for something that already exists?
Any tips would be appreciated. If enough people like the idea, this could make a nice new package.
Thanks
-
What about use Captive Portal ?
-
You mean by modifying the captive portal, or the captive portal is already able to authenticate using AD, and it's able to send user/groups to SquidGuard?