Firewall Wizards mailing list archives
RE: Internet access control tied to users/group
From: Ben Nagy <ben.nagy () marconi com au>
Date: Thu, 8 Feb 2001 09:29:52 +1030
Skweeeeeeeed! Uh... Ahem.

Squid will do this. You could roll-yer-own OpenBSD firewall that transparently redirects HTTP stuff to the squid process, and then use the Squid NTLM support to do user / group auth based on whatever you can do with _file_ permissions. (Read the Squid docco for more info).

Even if you decide to go with a commercial firewall, Squid is a fairly amazing proxy - you could use Squid for WWW access and allow only the proxy server out through the firewall.

Cheers,

--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304

-----Original Message-----
From: John Adams [mailto:jna () retina net]
Sent: Tuesday, 6 February 2001 8:46
To: Anthony Di Donato
Cc: firewall-wizards () nfr net
Subject: Re: [fw-wiz] Internet access control tied to users/group

Cisco PIX can do this based on RADIUS or TACACS groups. As far as NT integration goes, you could run an NT Radius server. Alternately you can run the Microsoft proxy server.

-john

On 2 Feb 2001, Anthony Di Donato wrote:

Citrix Extranet does this

Hi Folks,

I have a need to locate a proxy server (filtering if possible) or firewall to authorize services for users in an NT Domain system AND provide access control based upon group membership. This could be one or two systems (two servers would include an internal server to tie into NT Domains and authorize internal users for services and the second a firewall for the perimeter control).

Thus far I've determined that the choices are pretty limited. I've found Border Manager can tie into NDS and apply policy based on defined groups. Any other possibilities out there?

Other information: This is an environment with a lot of diskless workstations and most of them get their service through Citrix servers so the firewall either would see a dynamic address for some special services or the Citrix servers' IP for the majority of users.

TIA.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

--
J. Adams
http://www.retina.net/~jna

You are supposed to be a consumer, a black hole for goods, advertising and content. They only want to allocate enough upstream bandwidth for 10,000,000 buy buttons. Producing or sharing information is a subversive act and will not be tolerated.
-anonymous coward on /.