[K12OSN] A different authentication issue

[Barry Solof]

NDS and squid
-----------------

We used to have a Bordermanager box and would control access to the net 
through NDS groups.  Essentially, if you were in the "Internet_Users" 
group then BorderManager let you use the net.  It worked very well for 3 
or 4 years.

We now use squid proxy and have it authenticate to Novell through LDAP.  
Read this pdf for the general details:
http://www.madriver.k12.oh.us/technology/whitepapers/squid-edirectory.pdf

Check last weeks archives from this newsgroup, too.  I had described how 
we use squid to authenticate users from the very same "Internet_Users" 
group that we used for BorderManager.

The only difference squid made for the users is that now they have to 
authenticate when a browser is opened for the first time.  Bordermanager 
handled that task for them in the background.  Luckily, though, the 
authentication squid asks for is the exact same name and password that 
they use to login to Netware.

We don't have a particulary computer literate group of users where I 
work yet there were very few issues getting people up and running.  When 
some of them whinned about the extra effort, we just told them that the 
money saved by changing to the new product will probably go towards 
savings somebody's job.  That made most of them reasonably tolerant of 
the new authentication "hassle".

Squid has been our primary proxy for about 8 months now.  It would be a 
tough call to say which system (squid or BorderManager) was faster or 
had better uptime.  They both are excellent.