RE: [squid-users] squid on windows domain users

[Dustin Hane]

I'm sorry. I misunderstood that people were changing them. Best way to stop 
them from doing that, is to change the group policy settings in your domain 
controller to remove access to the network control panel for both users and 
local machines. 
Go to:
User Configuration -> Network -> Network Connections
Enable - Prohibit access to properties of components of LAN connection
Enable - Prohibit TCP/IP advanced configuration
Enable - Prohibit access to the Advanced Settings item on the Advanced Menu
Enable - Prohibit access to properties of a LAN connection
Enable - Prohibit access to the New Connection Wizard

Then apply this GPO to your COMPUTERS OU and you'll be all set. 

Thanks
Dustin

-Original Message-
From: Leonardo Carneiro [mailto:lscarne...@veltrac.com.br] 
Sent: Wednesday, April 29, 2009 9:45 AM
To: Vicks
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] squid on windows domain users

Hi Vicks,

i'm from brazil and i hope i can help u.
at the way i understood, users who don't have a "full" connection with 
the internet change their IPs to use the resources otherwise would be 
denied to them.

you have tons of ways to prevent this. one way is to use the domain 
login (with a external program) to do the filtering. it will prevent ip 
conflict in your network.

Vicks escreveu:
>> dear friends,
>>
>> i m from india & is using a 2 Mbps Leased Line
>> connection, distributing it through windows 2003 server with
>> squid & ip based filtering.
>> frequently i suffer from problems like ip conflicts bcoz
>> users who dnt hav internet facility track the ip on which
>> internet is available & changes them.
>>
>> what is the remedy to this.
>> is there a solution like this.
>> for all computers that need to hav internet facility,
>> should be in domain of the system on which squid is
>> installed & only these will have internet facility &
>> no other computer on LAN can access internet, dsnt matter
>> what its IP is.
>> 
>
> or there is a MAC based filtering available 4 windows in squid.
>   
>> whts ur opinions frnds?
>>
>> bye
>> 
>
>
>
>   Now surf faster and smarter ! Check out the new Firefox 3 - Yahoo! 
> Edition http://downloads.yahoo.com/in/firefox/
>
>
>   


-- 

*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarne...@veltrac.com.br <mailto:lscarne...@veltrac.com.br>
http://www.veltrac.com.br <http://www.veltrac.com.br/>
/Fone Com.: (43)2105-5600/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/

RE: [squid-users] squid on windows domain users

[Dustin Hane]

What type of IP conflicts? Is yoru DHCP server handing down the same IP address 
to different machines? 
You may want to have a setup similar to this:
IN your domain controller you have 2 subgroups under the "COMPUTERS" OU. 
Container 1 = Internet Access Allowed
Place all the PCS you want to have IP access allowed in this Container.
Container 2 = Not allowed
Place all the PCs without access here. 
Direct your DHCP server to hand out a certain range to Container 1 and a 
different range to container 2. Within squid, set up a src acl for container 1 
to allow. 
Follow?


> dear friends,
> 
> i m from india & is using a 2 Mbps Leased Line
> connection, distributing it through windows 2003 server with
> squid & ip based filtering.
> frequently i suffer from problems like ip conflicts bcoz
> users who dnt hav internet facility track the ip on which
> internet is available & changes them.
> 
> what is the remedy to this.
> is there a solution like this.
> for all computers that need to hav internet facility,
> should be in domain of the system on which squid is
> installed & only these will have internet facility &
> no other computer on LAN can access internet, dsnt matter
> what its IP is.

or there is a MAC based filtering available 4 windows in squid.
> 
> whts ur opinions frnds?
> 
> bye



  Now surf faster and smarter ! Check out the new Firefox 3 - Yahoo! 
Edition http://downloads.yahoo.com/in/firefox/

Re: [squid-users] squid on windows domain users

[Leonardo Carneiro]

Hi Vicks,

i'm from brazil and i hope i can help u.
at the way i understood, users who don't have a "full" connection with 
the internet change their IPs to use the resources otherwise would be 
denied to them.


you have tons of ways to prevent this. one way is to use the domain 
login (with a external program) to do the filtering. it will prevent ip 
conflict in your network.


Vicks escreveu:

dear friends,

i m from india & is using a 2 Mbps Leased Line
connection, distributing it through windows 2003 server with
squid & ip based filtering.
frequently i suffer from problems like ip conflicts bcoz
users who dnt hav internet facility track the ip on which
internet is available & changes them.

what is the remedy to this.
is there a solution like this.
for all computers that need to hav internet facility,
should be in domain of the system on which squid is
installed & only these will have internet facility &
no other computer on LAN can access internet, dsnt matter
what its IP is.



or there is a MAC based filtering available 4 windows in squid.
  

whts ur opinions frnds?

bye





  Now surf faster and smarter ! Check out the new Firefox 3 - Yahoo! 
Edition http://downloads.yahoo.com/in/firefox/


  



--

*Leonardo de Souza Carneiro*
*Veltrac - Tecnologia em Logística.*
lscarne...@veltrac.com.br 
http://www.veltrac.com.br 
/Fone Com.: (43)2105-5600/
/Av. Higienópolis 1601 Ed. Eurocenter Sl. 803/
/Londrina- PR/
/Cep: 86015-010/

Re: [squid-users] squid on windows domain users

[Amos Jeffries]

Vicks wrote:

dear friends,

i m from india & is using a 2 Mbps Leased Line connection, distributing it through 
windows 2003 server with squid & ip based filtering.
frequently i suffer from problems like ip conflicts bcoz users who dnt hav internet 
facility track the ip on which internet is available & changes them.

what is the remedy to this.
is there a solution like this.
for all computers that need to hav internet facility, should be in domain of the system 
on which squid is installed & only these will have internet facility & no other 
computer on LAN can access internet, dsnt matter what its IP is.

whts ur opinions frnds?



Use some form of authentication. Squid is capable of ActiveDirectory auth.
 http://wiki.squid-cache.org/ConfigExamples

What you have described so far is a basic network security failure 
usually seen on Windows NetBIOS networks (users being able to detect 
other users IPs and perform privilege escalation).


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
  Current Beta Squid 3.1.0.7