NDS for Squid

I have an internal LAN, with a couple of servers running NetWare. All my users are in the NDS tree, using Client trust to get out through a Novell BorderManager firewall. I'd like to switch over and use a Linux box and Squid as a web proxy. How do I tie in authentication with NDS and Squid?
jformanAsked:

j2Commented:
You don't. That simply isn't supported, unfortunately.
0
jformanAuthor Commented:
Thanks. I was wondering, I have seen PAM modules that can be integrated with Squid. Could you clarify what those do and if they could help my situation?
0
j2Commented:
The problem here is that when using Novell, users log on to the NetWare server to gain access to the network. You don't do that with Linux in the same fashion, so to authenticate, the users would have to open a telnet session to the Linux server and log on.
0
samriCommented:
I am actually looking for the same solution.

The problem with integrating authentication on these two systems is primarily due to the different types of authentication scheme used. Novell uses NDS, but Squid, I believe, is stuck with the Linux/UNIX authentication scheme.

The trick to getting these two "guys" to talk to each other is to introduce another piece of "middleware" that can talk both ways - one that can understand NDS and can talk via IP.

With the recent version of NetWare (Novell NetWare 5), Novell has come up with its own LDAP (Lightweight Directory Access Protocol) option that can be installed on its NetWare 5 box. So if you could get a NetWare 5 server running on your NDS, then we can start from there.

Then on the Squid side, you should create an ACL that points to the LDAP server for user authentication. I have come across the documentation on how to do that, but somehow forgot the URL.

Another cheap trick is to put your Squid and BorderManager in a hierarchy, where BM is the child of Squid. So all users will hit BM first and get authenticated there, and BM will point to Squid as the parent. At the same time, deny all access to Squid except for the BM box. This way, the only way to go out (browse) is to go via BM.

There go my 10 cents' worth of comments.

Please share with me if you find any other good recommendations.
0
samriCommented:
I am actually looking for the same solution.

The problem with integrating authentication on these two systems is primarily due to the different types of authentication scheme used. Novell uses NDS, but Squid, I believe, is stuck with the Linux/UNIX authentication scheme.

The trick to getting these two "guys" to talk to each other is to introduce another piece of "middleware" that can talk both ways - one that can understand NDS and can talk via IP.

With the recent version of NetWare (Novell NetWare 5), Novell has come up with its own LDAP (Lightweight Directory Access Protocol) option that can be installed on its NetWare 5 box. So if you could get a NetWare 5 server running on your NDS, then we can start from there.

Then on the Squid side, you should create an ACL that points to the LDAP server for user authentication. I have come across the documentation on how to do that, but somehow forgot the URL.

Another cheap trick is to put your Squid and BorderManager in a hierarchy, where BM is the child of Squid. So all users will hit BM first and get authenticated there, and BM will point to Squid as the parent. At the same time, deny all access to Squid except for the BM box. This way, the only way to go out (browse) is to go via BM.

I hope this might help.

Please share with me if you find any other good recommendations.
0
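
The two approaches from samri's comments, sketched as a squid.conf fragment. This is an added example, not part of the original thread: the helper path, the LDAP host name, the base DN `o=example`, the LAN range and the BorderManager address are all assumed placeholders.

```conf
# Added example, not from the thread. Host names, DNs, paths and addresses
# are placeholders; adjust them to the local tree and distribution.

# --- Option A: Squid checks logins against the NetWare LDAP service ---
# basic_ldap_auth ships with Squid (it is named squid_ldap_auth in older
# releases); the install path varies by distribution.
#   -b  search base (assumed organization container o=example)
#   -s  search scope; "sub" searches the whole subtree below the base
#   -f  search filter; %s is replaced with the login name the user types
#   -h  LDAP server (assumed host name)
# Assumes the directory permits this search without a bind DN; otherwise
# add -D <bind dn> and -W <file holding the bind password>.
auth_param basic program /usr/lib/squid/basic_ldap_auth -b "o=example" -s sub -f "cn=%s" -h nds-ldap.example.internal
auth_param basic children 5
auth_param basic realm Web proxy (NDS login)
auth_param basic credentialsttl 2 hours

# Basic authentication sends the password from browser to proxy in
# recoverable form, and the helper's LDAP bind is cleartext unless TLS is
# enabled, so keep both legs on the trusted internal LAN.
acl lan src 192.168.0.0/24           # assumed internal LAN range
acl nds_users proxy_auth REQUIRED    # any user the LDAP helper accepts

http_access allow lan nds_users
http_access deny all

# --- Option B: BorderManager stays in front as the child proxy ---
# BorderManager keeps authenticating users and forwards to Squid as its
# parent; Squid accepts requests from the BorderManager box only.
# Use these three lines INSTEAD of the Option A http_access rules.
#acl bordermanager src 192.0.2.10/32  # assumed BorderManager address
#http_access allow bordermanager
#http_access deny all
```

With Option B, Squid sees every request as coming from the BorderManager address, so per-user logging and policy remain on the BorderManager side.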
