Getting Ready for SafeSquid for Windows

by Manish » Tue Dec 08, 2009 2:00 pm

SafeSquid for Windows
SafeSquid for Windows contains minor bugfixes and important enhancements.
Based on users' reactions, important enhancements were carried out so that SafeSquid can now be conveniently used on all Microsoft Windows platforms.
The dependency for NSSLdap has now been dropped, and SafeSquid uses the native WinLDAP libraries of Microsoft Windows.
    Release Highlights
  • SafeSquid for Windows, both Personal Edition and Business Edition, now supports use on all Windows platforms, including Windows 2003 / 2008 / Home Server / Vista / 7
  • Support for LSA Authentication
  • Improved integration with Microsoft AD / LDAP servers.
The newly introduced LSA authentication allows you to create access restriction policies for users by using their credentials on the Local System.
    To make best use of this feature:
  • If you are using SafeSquid in a Microsoft NT/AD network,
    - set the proxy hostname to your NTLM domain name.
  • If you are using SafeSquid in WorkGroup based networks or home networks,
    - set the proxy hostname to your NTLM host name.
Work is under active progress for NTLM / SSO based authentication.
The option for Enabling / Disabling NTLM based Windows Integrated Authentication is presently not functional.
    SafeSquid's user authentication system has been completely rebuilt, providing easy adaptability to various scenarios like:
  • Windows LSA Authentication with LDAP based usergroup mapping.
  • Basic Authentication with LDAP based usergroup mapping
  • Windows LSA Authentication without LDAP based usergroup mapping
  • Basic Authentication without LDAP based usergroup mapping
SafeSquid for Windows has a newly designed LDAP Sub-System (LSS).
SafeSquid LSS has been built with a presumption that most deployments that will use this feature in conjunction with NTLM based Windows Integrated Authentication would have a Microsoft AD based network (though it should also support networks that mimic this by using Samba + OpenLDAP).
    Highlights of SafeSquid's LSS:
  • SafeSquid's LSS connects to the specified AD / LDAP server and pre-fetches the Directory information of users, on startup.
  • The pre-fetched Directory information is automatically cached, and refreshed at regular intervals, to compensate for any changes.
  • This cached Directory information can be viewed via a new link "Show LDAP Groups" provided in the Top Menu of SafeSquid's WebGUI.
  • The pre-fetching operation can be performed anonymously when used with an OpenLDAP server, but will require a username / password when used with Microsoft AD Servers.
  • This username can be a DN, a UPN, a Windows NT style username, or other name that the directory server will accept as an identifier.
  • If a username / password is required to pre-fetch Directory information, the password for this username is stored in SafeSquid's configuration XML in an encrypted form.
  • A new link "Encrypt Password" is provided on the Top Menu of SafeSquid's WebGUI to encrypt a password. This encryption *MUST* be performed before the password is used in the LDAP Section. (Future versions of SafeSquid will use this feature in other sections too, wherever a password needs to be specified in a configuration entry.)
  • For most deployments in Microsoft AD based networks, setting "Login Attributes" to sAMAccountname and leaving "Group Identifier" blank should be enough.
  • Enterprises that use other Directory services, such as OpenLDAP, could set "Login Attributes" to uid.
  • Directory information of each user in the LSS is denoted as LDAP Profiles, and is held as comma-separated information, quite like SafeSquid's Profiles.
  • The comma-separated attributes that can be viewed in "Show LDAP Groups" can be used in SafeSquid's Access Restriction Section to map users' Directory attributes as User Groups.
  • Finer configuration support allows specification of the Login attributes that will be used for the purpose of Authentication. For example, if the authentication is to be performed against an LDAP server you may prefer to set the Login attribute as "uid", whereas if the authentication is to be performed against a Windows ADS server you may use the Login attribute "sAMAccountname".

Support for critical internal flaws.
SafeSquid now detects any critical internal flaws, and creates a minidump file in the same folder that contains its native logs. These dump files can be sent to Technical Support for analysis, for quickly identifying the problem.
Response for TS level 3 Support should therefore now be better and faster than ever before.