This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SAM Authentication

We want to run our HTTP proxy in User Authentication mode so that we can track individual user web activity.

Environment : School district with 4000+ Staff & Students
Network: Windows 2000 Servers running Active Directory.

When testing ASL 5.x I see that I can use Local, LDAP or NT/Win200 to authenticate to the proxy.

When assigning users to profiles you only have the option of assigning profiles to Local users / Network Blocks  or using LDAP.

My question:  What's the purpose of having NT/Win2000 http proxy authentication if you can't use that authentication to allow make profile asignments.

We have the HTTP proxy on and are using the Surf protection.  This is not an option for us, it's a requirement.

Am I going to have to get LDAP portion working in order to use the proxy in User Authentication Mode? ( Entering 4000 local users is not an option )

This thread was automatically locked due to age.

Parents

0 Andy_01 over 21 years ago

Robert,

with LDAP or RADIUS you can assign individual groups individual profiles, this way you can make a nice security policy on the HTTP proxy, your staff gets different pages they can go to as the students. Using SAM authentication on the proxy allows you user authentication for the proxy but no profile assignments in the content filtering.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Andy_01 over 21 years ago

Robert,

with LDAP or RADIUS you can assign individual groups individual profiles, this way you can make a nice security policy on the HTTP proxy, your staff gets different pages they can go to as the students. Using SAM authentication on the proxy allows you user authentication for the proxy but no profile assignments in the content filtering.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 TXGARobert@Home over 21 years ago in reply to Andy_01

Hello Andy,

Long time no urgent phone call!  :-)

I am currently using network block profile assignment, and as long as the students are using one of the machines in that network block everything is running smoothly.  Problems arise when the teachers allow their students to use the " student " computer in their classrooms.

What we want is for Lil' Johnny to use the same profile no matter which computer / campus he logs on to.  I have it setup so that a group policy assigns the students a proxy to use, but in the class they  use whatever profile the machine's IP has been assigned.

So, we want to turn on User Authentication mode on the HTTP proxy,  and I have to get LDAP working.  I thought I saw where one of the Gurus was going to put something up about the LDAP setup in the DOCs section.  I have been reading the manual ( God forbid ) but just can't seem to get it to work.

For example,  I setup LDAP at home, and it " Looks " correct.  When I authenticate to the http proxy with a AD user that does NOT exist, it just cycles back to the authenticate box.  As it should, right?

When I authenticate with a user who is in my AD , I get a " No matching profile found ".  Which to me means the user was found, but has no surf profile assigned.  Which is correct as I cannot assign a AD user to a profile unless LDAP is my authentication source.

I guess what's really confusing to me is the fact that I have my AD user database sorted out into numerous OUs.  the following is just one example of a CSVDE output for a user:
CN=Ashton Bowling,OU=2004,OU=Students,OU=High School,OU=User Accounts,DC=pngisd,DC=org

Will having a nested OU structure screw up anything?  Can I assign a profile to everyone in  " OU=2004,OU=Students,OU=High School,OU=User Accounts,DC=pngisd,DC=org " like I can assign a group policy or do I have to assign it to the group they are assigned to ( High School Students ).

See, one question just generates more.  :-)

Tell Dyan I said hello, and that she should call and try to sell me something.

Robert
Cancel
Vote Up 0 Vote Down

Cancel