I want to set up a wireless environment where WPA2-Enterprise is used for authentication to a FreeRADIUS server (using EAP-TTLS or PEAP), and the wireless client is seamlessly routed through and authenticated to a Squid proxy. I can get the FreeRADIUS bit working alright, but how can I get Squid to recognize the user, without another username/password prompt?

Robin McCorkell

1 Answer

Authentication to Squid is between the client's browser software and the Squid proxy. Internet Explorer and Google Chrome (and maybe Firefox-- I haven't kept up with it) can transparently authenticate to a proxy using the currently logged-on user's credentials via the NTLM protocol in an Active Directory environment.

If you're not planning on actually using the authenticated user's identity in Squid access control lists (ACLs) but are really just interested in being able to correlate user access in log files then you might be better off eschewing Squid authentication entirely and just using a combination of your FreeRADIUS and DHCP server logs to correlate IP addresses to user authentication. Then you can correlate those addresses to accesses in the Squid logs.

Evan Anderson
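The log correlation suggested in the answer above, sketched as an added example that is not part of the original answer. The log formats (FreeRADIUS `radius.log` with auth logging enabled, ISC dhcpd via syslog, Squid native `access.log`), the sample lines and the names `as_of` and `correlate` are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines (assumed formats, all clocks UTC). Note that the same
# IP address is leased to two different devices over time.
RADIUS_LOG = """\
Tue Mar  5 09:58:10 2024 : Auth: (12) Login OK: [alice] (from client ap1 port 0 cli 00-11-22-33-44-55)
Tue Mar  5 10:20:00 2024 : Auth: (31) Login OK: [bob] (from client ap1 port 0 cli 66-77-88-99-AA-BB)
"""
DHCP_LOG = """\
2024-03-05T09:58:12+00:00 gw dhcpd[811]: DHCPACK on 10.0.0.23 to 00:11:22:33:44:55 via eth1
2024-03-05T10:20:03+00:00 gw dhcpd[811]: DHCPACK on 10.0.0.23 to 66:77:88:99:aa:bb via eth1
"""
SQUID_LOG = """\
1709632800.120     45 10.0.0.23 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html
1709634300.500     30 10.0.0.23 TCP_MISS/200 900 GET http://example.org/ - HIER_DIRECT/192.0.2.20 text/html
1709634400.000     12 10.0.0.99 TCP_MISS/200 100 GET http://example.net/ - HIER_DIRECT/192.0.2.30 text/html
"""

RADIUS_RE = re.compile(r"^(.{24}) : Auth: .*Login OK: \[([^\]]+)\].* cli ([0-9A-Fa-f-]{17})\)", re.M)
DHCP_RE = re.compile(r"^(\S+) .*DHCPACK on (\S+) to ([0-9A-Fa-f:]{17})", re.M)
SQUID_RE = re.compile(r"^(\d+\.\d+)\s+\d+\s+(\S+)\s+\S+\s+\d+\s+\S+\s+(\S+)", re.M)

def as_of(events, key, t):
    """Latest value logged for key at or before time t, else None (linear scan)."""
    hits = [(ts, val) for k, ts, val in events if k == key and ts <= t]
    return max(hits)[1] if hits else None

def correlate(radius_log, dhcp_log, squid_log):
    """Return [(client_ip, user_or_None, url)] for every Squid request."""
    logins = [(m[3].lower().replace("-", ":"),          # MAC, normalised to aa:bb:..
               datetime.strptime(m[1], "%a %b %d %H:%M:%S %Y")
               .replace(tzinfo=timezone.utc).timestamp(), m[2])
              for m in RADIUS_RE.finditer(radius_log)]
    leases = [(m[2], datetime.fromisoformat(m[1]).timestamp(), m[3].lower())
              for m in DHCP_RE.finditer(dhcp_log)]
    rows = []
    for m in SQUID_RE.finditer(squid_log):
        t, ip, url = float(m[1]), m[2], m[3]
        mac = as_of(leases, ip, t)       # device holding this IP at request time
        rows.append((ip, as_of(logins, mac, t) if mac else None, url))
    return rows

if __name__ == "__main__":
    for row in correlate(RADIUS_LOG, DHCP_LOG, SQUID_LOG):
        print(row)
```

Lookups are done "as of" the request time because DHCP reassigns addresses, so a static IP-to-user table would attribute the second request to the wrong person. With EAP-TTLS or PEAP the outer identity can be an anonymous placeholder, so confirm that the name in the login line is the real user before relying on the mapping.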