Do some research on ntlm_auth, winbind, and single sign-on. I believe it will solve your problem.

On June 18, 2010 at 15:52, eduwu...@gmail.com <eduwu...@gmail.com> wrote:

> Good afternoon.....
>
> I am trying to implement squid_ldap_auth, authenticating against a
> Windows 2003 Server.
>
> So far so good, LDAP authentication is working. However, for users on
> Windows XP who are logged in to the domain, I need the authentication to
> be automatic, that is, transparent, when they open the browser.
> The browser keeps asking for a username and password. If I enter one of my
> AD users and its password, it works, but I need this to happen automatically.
>
> Is there any way?
>
> Below is my squid.conf
>
> #########
> # AUTHENTICATION
> #
> auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -R -b "dc=domain,dc=com" -D "cn=proxy_user,ou=internet,dc=domain,dc=com" -w "dom...@123mudar" -f sAMAccountName=%s -h 192.168.0.1
> auth_param basic transparent Insira seu Usuario e Senha da Rede!!!
> auth_param basic children 5
> auth_param basic credentialsttl 15 minutes
> #########
> #########
> ##
> acl password proxy_auth REQUIRED
> ##
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl localhost src ::1/128
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> acl to_localhost dst ::1/128
>
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl localnet src fc00::/7 # RFC 4193 local private network range
> acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
>
> acl SSL_ports port 443
> acl Safe_ports port 80 8443 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 8443 # PLESK
> acl CONNECT method CONNECT
>
>
> ##
> #
> external_acl_type ldap_group %LOGIN /usr/local/libexec/squid/squid_ldap_group -R -b "dc=dominio,dc=com" -D "cn=proxy_user,ou=internet,dc=domain,dc=com" -w "dom...@123mudar" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=internet,dc=domain,dc=com))" -h 192.168.0.1
> acl ldapAcessoPadrao external ldap_group AcessoPadrao
> #########
>
> acl ips_liberados src "/usr/local/etc/squid/SECURITY/ips_liberados.txt"
> acl sites_liberados dstdomain -i "/usr/local/etc/squid/SECURITY/sites_liberados.txt"
> acl palavras_proibidas url_regex "/usr/local/etc/squid/SECURITY/palavras_proibidas.txt"
> acl extencoes_proibidas url_regex -i "/usr/local/etc/squid/SECURITY/extencoes_proibidas.txt"
> acl sites_proibidos dstdomain "/usr/local/etc/squid/SECURITY/sites_proibidos.txt"
>
>
> #########
> http_access allow ips_liberados
> http_access allow sites_liberados
> http_access deny palavras_proibidas
> http_access deny extencoes_proibidas
> http_access deny sites_proibidos
>
> http_access allow ldapAcessoPadrao
>
> ##########
> http_access allow manager localhost
> http_access deny manager
> http_access allow Safe_ports
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localnet
> http_access allow localhost
> ##
> http_access allow password
> ##
> http_access deny all
>
> ##
> http_port 3128
> hierarchy_stoplist cgi-bin ?
>
> ##
> cache_mem 512 MB
> maximum_object_size_in_memory 10240 KB
> memory_replacement_policy lru
> cache_replacement_policy lru
> cache_dir ufs /tank/squid/cache 102400 16 256
> max_open_disk_fds 0
> minimum_object_size 0 KB
> maximum_object_size 1024000 KB
> cache_swap_low 90
> cache_swap_high 95
>
> ##
> log_fqdn on
> #logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh
> access_log /tank/squid/logs/access.log squid
> cache_store_log /tank/squid/logs/store.log
> cache_log /tank/squid/logs/cache.log
> coredump_dir /var/squid/cache
>
> diskd_program /usr/local/libexec/squid/diskd
> unlinkd_program /usr/local/libexec/squid/unlinkd
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
>
> visible_hostname omegared
> dns_nameservers 192.168.0.1
>
>
>
>
> =======================
> Eduardo Wutzl
> Technologist
> eduwu...@gmail.com
> -
> 11-7892-7580
> Nextel ID: 100*116975
> =======================
> -------------------------
> Archive: http://www.fug.com.br/historico/html/freebsd/
> Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
> -------------------------
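
What the reply's suggestion looks like in squid.conf, as an added example that is not part of the original thread. The ntlm_auth path is an assumption, as is a proxy host already joined to the domain with winbindd running.

```conf
# Added example, not from the thread. Paths are assumptions; adjust them to
# the local Samba and Squid installation.

# Before (quoted squid.conf): Basic is the only scheme offered, so the browser
# must prompt, and the password travels base64-encoded (not encrypted) on
# every request. The LDAP bind password also sits in squid.conf via -w.
#auth_param basic program /usr/local/libexec/squid/squid_ldap_auth ... -w "<bind password>" ...

# After: offer NTLM first. A domain-joined browser answers the proxy's 407
# challenge with the logged-in user's credentials, without a prompt.
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm keep_alive on

# Basic stays as a fallback for clients that cannot do NTLM. It is validated
# through winbind, so no bind password is needed in squid.conf for it.
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Insira seu Usuario e Senha da Rede
auth_param basic credentialsttl 15 minutes

# Unchanged from the quoted config: a proxy_auth ACL is what triggers the 407.
acl password proxy_auth REQUIRED

# Checks to run on the proxy host before reloading Squid:
#   wbinfo -t     verifies the machine account trust with the domain
#   wbinfo -u     lists domain users through winbind
# The account Squid runs as needs access to Samba's winbindd_privileged
# directory, otherwise the ntlmssp helper fails and clients fall back to the
# Basic prompt.
#
# With NTLM the login may arrive as DOMAIN\user. The existing squid_ldap_group
# lookup on sAMAccountName=%v then needs its -S option (strip NT domain), and
# its -w bind password can be moved to a root-readable file with -W.
```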