Authenticating Proxy



  • Hello! I am setting up a squid proxy filter system for a school. We need to have multiple filters based on groups and users. I can get that working no problem. What I am looking for is a way to either authenticate the user with some type of portal in the web browser, OR simply authenticating with the proxy on login. We are using Windows XP clients in a Windows Server 2008 R2 domain. Basically what I'm trying to do is get something that is either a bit more appealing or totally transparent to the end user. If you have any other suggestions, I'm open to them. Thanks beforehand.

    Alex.



  • This has been discussed many times, although I'm confused as to why you've asked this in Routing + Multi-WAN since this is clearly a package question.  Consider using Squid's built-in AD authentication.  Mind you, this doesn't work out of the box in the pfSense package so you'll need to spend some quality time behind the scenes with the squid documentation, but it does work as long as you have the proxy settings in the client (enforced with a GPO).



  • Whoa, I'm not sure why I asked it in this section either. I'm sorry. Alright, thanks for your input on this subject. I'll have to read the documentation like you said. Thanks a lot.



  • @mrhotflamin:

    Hello! I am setting up a squid proxy filter system for a school. We need to have multiple filters based on groups and users. I can get that working no problem. What I am looking for is a way to either authenticate the user with some type of portal in the web browser, OR simply authenticating with the proxy sites on login. We are using Windows XP clients in a Windows Server 2008 R2 domain. Basically what I'm trying to do is get something that is either a bit more appealing or totally transparent to the end user. If you have any other suggestions, I'm open to them. Thanks beforehand.

    Alex.

    Add a pass to the connection, or make some kind of website to authenticate.



  • Or just use Captive Portal.



  • @Nachtfalke:

    Or just use Captive Portal.

    +1

    Then authenticate your Captive Portal using RADIUS.

    Step 2 would be to set up NPS on your Windows 2008 R2 machine and add the pfSense machine as a RADIUS client.

    Step 3 would be to create an Active Directory group, call it something like "pfSense Users" then use that in your NPS Policy.

    There are a bunch of steps really; you can get this thread moved to the Captive Portal section of the forum.



  • @stramato:

    @Nachtfalke:

    Or just use Captive Portal.

    +1

    Then authenticate your Captive Portal using RADIUS.

    Step 2 would be to set up NPS on your Windows 2008 R2 machine and add the pfSense machine as a RADIUS client.

    Step 3 would be to create an Active Directory group, call it something like "pfSense Users" then use that in your NPS Policy.

    There are a bunch of steps really; you can get this thread moved to the Captive Portal section of the forum.

    I apologize for the late response. I really need to check this more often :-X. I've looked at that option before, and it's not that we're simply trying to give control user access. We need to be able to have different ACLs for different users, e.g. an account for students, teachers, and administration, with each account having different access rights: kids are denied access to YouTube, teachers are allowed access to YouTube but denied spyware, etc. Currently I've got NPS set up on the Server 2008 machine and squid is authenticating against that. I'd like to be able to "pass" the username and password from the captive portal to the squid server. Or, if there is a way to authenticate squid with a web page, that'd work too. The problem is our teachers aren't all "tech savvy or even tech comfortable, it's terrible". The proxy authentication window in Windows XP throws them off. If it can't be set up like this, that's fine, they'll live. I'm just looking for something that's a bit more streamlined and easy for them.

