Pavan Kumar Mahoorker wrote:
>Hi all,
>
>
>
>I have configured SQUID as HTTP proxy and allowed some range of IPs.
>
>And when I use internet form my PC for which I have configured this
>SQUID PC as proxy server and i can see all the traffic going through the
>proxy.
>
>
>
>Now I want to allow the PC's to access the Proxy server only if the
>login credentials authentication is success.
>
>And if the PC's fail to authenticate then the proxy should block the
>traffic.
>
>I have modified the /etc/squid/squid.conf file but looks like it needs a
>external auth server like LDAP, APACHE & etc...
>
>
>
>Let me know what needs to be done to achieve this
>
Hello Kumar,
The Squid source code comes with a few authentcation processes for Basic
authentication. These include
LDAP: Uses the Lightweight Directory Access Protocol
NCSA: Uses an NCSA-style username and password file.
MSNT: Uses a Windows NT authentication domain.
PAM: Uses the Linux Pluggable Authentication Modules scheme.
SMB: Uses a SMB server like Windows NT or Samba.
getpwam: Uses the old-fashioned Unix password file.
sasl: Uses SALS libraries.
winbind: Uses Samba authenticate in a Windows NT domain
If you have LDAP then you can configure with squid.
Configuration of LDAP can be done with the following
Compiling squid with ldap support.
./configure --enable-basic-auth-helpers="LDAP"
In squid.conf file edit the following
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b
dc=yourdomain,dc=com -f uid=%s -h yourdomain.com
acl password proxy_auth REQUIRED
http_access allow password
http_access deny all
This Squid-LDAP Setup allows the users in the LDAP to access the pages
and deny all the others.
Similarly you can configure with the other authentication methods.
-- Thanks, Visolve Squid Team, http://squid.visolve.comReceived on Fri Jul 07 2006 - 00:55:52 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT