Dansguardian and Active Domain authentication

T

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,193
Reaction score
10,233
Location
Nkaaaaandla
Hi

Anybody had any success in getting advanced proxy + dansguardian to work with microsoft active domain so that any user is requested for his/her username and password when wanting to surf the net?

I'm trying to figure out things here, but at this stage it is not pretty.

Regards

Libs
 
Unfortunately I haven't. It was on my list of things to try and work out, as this is basically what my old high school needed.

However, I did have a manual Squid+Dansguardian running at my previous job. Basically, DG passes everything to Squid, which in turn passes all authentication to Active Directory.

I was trying to configure Advanced Proxy on Smoothwall to do the same, but I got lost in all the LDAP jargon needed to hook things up. Should you get it working however, all DG needs to do is point to Advanced Proxy.

Hope you get this working, it's something I want to get working myself.
 
DG + AD works quite well.

Altho I would've liked to use LDAP as you can assign permissions easier with that.
 
Yes.. want a copy of my configs?

(apparently clarkconnect 5.2.. 5 is not out yet.. will do AD authentication).
 
I know this thread is old, but I've come into this situation, as a school IT administrator, whereby they now want to log user access per student. But they still want web-content filtering. So I was thinking User->DansGuardian->Squid->Active Directory for authentication. However, does this log the username. The most important function is logging the username, not the IP of the machine. We need to be able to build a browsing profile of any given student. IP's don't help.

Any input would be greatly appreciated.

I can work with any setup recommended, as long as it is open source and works. Did you get your setup to work, and if so, how?

Oh and one further question. Is the authentication silent, in that it grabs the username from the OS, as opposed to popping up a login prompt.
 
Hi graviti

It works well - logs site visited by username. If you use SARG then you have a more comprehensive report re sites visited per username.

Unfortunately, if you do not use static passwords, then DG tend to lock out accounts as it still caches the old password. I haven't had time to play around with this yet.

We're looking at using static passwords for each user on the firewall to get rid of this account lockout issue, this will allow us to still log web sites visited per username.

When the user tries to access the Internet first, then he/she will be asked for a username/password, so it is not a silent process. As Firefox (and other web browsers as well) save this username/password in their list, the rest of the access will be transparent.

HTH

Libs
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X