Re: [squid-users] AD authentiction with squid

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 20 Mar 2009 14:48:43 +1300

Benedict simon wrote:
> Dear All,
>
>
> i have squid Proxy server on Centos 5 working perfectly for a quite
> sometime and now we would like to have squid authenticating with ADS for
> more control .
> so that only users that have logged into domain are asked allowed for
> internet and others who dont log in have internet access denied but only
> local network services avaliable.
> i am not a professional in ADS so wd really apprecite your help
> i have been googling arround and tried but was only able to authenticate
> with squid by getting the popup window but not accept the password.
> i would like plain text authentication since i guess its the easiest one
>
> the setup
>
> Centos 5
> Squid stable 2.6
>
> the domain is ADS WINDOWS 2003
> Domain Name: baladia.local
> computer name :kmun
>
> jus cut and paste some squid entries .
>
>
> auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
> "dc=baladia,dc=local" -D "cn=Administrator,cn=Users,dc=baladia,dc=local"
> -w "xxxx" -f sAMAccountName=%s -h 172.16.2.227
> auth_param basic children 5
> auth_param basic realm PROXY SERVER
> auth_param basic credentialsttl 5 minutes
>
> where xxxx is the administrtor password
> 172.16.2.227 is the IP address of the domain
>
> will the above help me to authenticate user with ADS
>
> when i log into the domain and user my browser the window pops up but when
> i enter the username and password it ask me the same dialog again
>
> also if i dont log into domain its the same
>
> the squid accesslog error is
>
> 1237471571.612 13 xx.xx.xx.xx TCP_DENIED/407 1761 GET
> http://vcs2.msg.yahoo.com/capacity testuser
>
> where testuser is the username on my domain
>
> apprecite if someone can help me with example or some links with examples
>
> thanks and really wd apprecite your kinf help
>

http://wiki.squid-cache.org/ConfigExamples has a section for
authentication templates and how-tos.

I'm not clued up on LDAP or AD requirements so can;t help any further on
this.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.6
Received on Fri Mar 20 2009 - 01:48:01 MDT

This archive was generated by hypermail 2.2.0 : Fri Mar 20 2009 - 12:00:03 MDT