Author Topic: [SOLVED]User Authentication on proxy/squid (Zentyal 3.2)  (Read 2655 times)

masnizar

  • Zen Apprentice
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
[SOLVED]User Authentication on proxy/squid (Zentyal 3.2)
« on: October 23, 2013, 05:52:17 am »
Hi,
Last time i use zentyal was on version 2.2 and on that version to configure proxy/squid to authenticate user is the option on the proxy page to authorize and allow etc.
How to do this in zentyal 3.2? I'm reading the documentation but still dont gets it. Can anyone help.
Thanks
« Last Edit: October 25, 2013, 11:03:08 am by masnizar »

christian

  • Guest
Re: User Authentication on proxy/squid (Zentyal 3.2)
« Reply #1 on: October 23, 2013, 07:17:29 am »
I do share your feeling: this was pretty straightforward with 2.2 but 3.2 made this kind of hidden "à la Microsoft"  ;D

- in term of authentication, what you can do (or not) is to enable (or not) Kerberos so that authentication is based on Kerberos rather than login/password. This assumes your client authenticates against Samba (Windows) domain
- the key point (what you are looking for  ;)) is that authentication will automatically occur if you define rules that are based on "users groups"

I hop I'm not wrong (as I don't run 3.x)  8)

masnizar

  • Zen Apprentice
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: User Authentication on proxy/squid (Zentyal 3.2)
« Reply #2 on: October 23, 2013, 11:37:07 am »
The problem is not all my users will be included/members in the domain. Or is it a must that the client must be member of the domain?
Sorry but its really confusing

christian

  • Guest
Re: User Authentication on proxy/squid (Zentyal 3.2)
« Reply #3 on: October 23, 2013, 11:58:35 am »
Being member of Samba domain doesn't matter as long as you don't want to enable Kerberos.
It would have been nice to have Kerberos as as a... Kerberos service  ;D  but it is currently exposed as Microsoft like service only if I understand well.
It should be feasible to get ticket from Kerberos server without implementing LikeWise stuff but did not investigate this yes.

masnizar

  • Zen Apprentice
  • *
  • Posts: 14
  • Karma: +0/-0
    • View Profile
Re: User Authentication on proxy/squid (Zentyal 3.2)
« Reply #4 on: October 25, 2013, 11:02:06 am »
Thanks for the info.
Its look like I'm sticking to version 2.2 until i get more understading about 3.x features

BrettonWoods

  • Guest
Re: [SOLVED]User Authentication on proxy/squid (Zentyal 3.2)
« Reply #5 on: October 25, 2013, 05:05:37 pm »
I know its says solved but I would much appreciate your input Christian.

Your musings of kerberos being a separate service rather than part of Samba made my mind tick a little.

I really want to get Kerb authentication working. I am thinking that this is not a Zentyal problem or a Kerberos one.

Its a M$ one that is being inherited by the reverse engineering that Samba4 is.

http://forum.zentyal.org/index.php/topic,18262.msg70675.html#msg70675

Thats a message from the 2nd and I am still trying to get some feedback on this.

I would really appreciate your thoughts Christian because I don't think the fault lies with Zentyal or Kerb just the M$ implementation that Samba4 has copied.

http://forum.zentyal.org/index.php/topic,18568.msg72259.html#msg72259

I had come to the conclusion that I would just do some windows registry hacking.

Then I remembered the kerberos principle name in Zentyal follows krb5PrincipalName=krbtgt/THURSBYGARDEN.LAN@THURSBYGARDEN.LAN,ou=Kerberos,dc=thursbygarden,dc=lan

If kerberos is case sensitive its not good form to start having various forms of case?

I think you might be able to help but how do I manage to edit the LDAP's so all the principle names follow M$ rules.
Thats the only thing I can think of doing as Samba4 is a replication of M$ AD so when in rome...

 

 
« Last Edit: October 25, 2013, 05:20:16 pm by BrettonWoods »