Re: [squid-users] Active Directory Integrated Squid Proxy Guide

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 09 Jan 2012 22:44:24 +1300

On 9/01/2012 6:58 p.m., James Robertson wrote:
> Hi Everyone,
>
> I just thought I would share a guide I am working on, it's not quite
> finished so expect errors, typos etc. I would love any feedback or
> critique about it.
>
> http://wiki.bitbinary.com/index.php/Active_Directory_Integrated_Squid_Proxy
>
> There are probably things that the developers and users will cringe at,
> if so I would like to know.
>
> Thanks for maintaining squid and for the friendly mailing lists.
>
> Kind Regards,
>
> James

Some notes on squid.conf:
* you did not configure Squid to use plain NTLM, so "auth_param ntlm ..."
  lines are useless. Remove.

* using \ to escape whitespace is not valid in any of the officially
  released Squid configs.
  - what you have configured is the helper to test for three groups:
    "Internet\", "Users\", and "Blocked" etc.
  To use groups with whitespace in their names place the group name in a
  file by itself and load the file into the ACL definition like you do the
  allowedsites.txt etc.
  When that is fixed you will be able to use "memberof=cn=%g" in the LDAP
  parameters instead of hard-coding the different group names. Thus you
  only need one external_acl_type helper definition in total.

* "no_cache" has not existed in many years. Remove the "no_" part and
  re-read the line to see if it matches your intended policy.

Considered updating the official Squid wiki documentation about active
directory integration?
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory

Editing is open to all real persons. How to get edit access is detailed
at the top of http://wiki.squid-cache.org/FrontPage

Amos
Received on Mon Jan 09 2012 - 09:44:32 MST
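
An added example, not part of the message above and not Squid project code: a small Python check that flags the three squid.conf problems listed in the reply and shows how a backslash-escaped group name is actually split into separate group values. The sample config, helper paths, ACL names and the function name lint_squid_conf are constructed for illustration.

```python
# Constructed sample squid.conf showing the three problems from the review.
SAMPLE_CONF = r'''auth_param negotiate program /usr/lib/squid3/squid_kerb_auth
auth_param ntlm children 10
external_acl_type blocked_group %LOGIN /usr/lib/squid3/squid_ldap_group -R
acl BlockedUsers external blocked_group Internet\ Users\ Blocked
acl AllowedUsers external blocked_group "/etc/squid3/group_allowed.txt"
acl allowedsites dstdomain "/etc/squid3/allowedsites.txt"
no_cache deny allowedsites
'''


def lint_squid_conf(text):
    """Return a list of (line_number, code, detail) findings."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # squid.conf values are whitespace separated; "\ " is not an escape.
        tokens = line.split()
        directive = tokens[0]
        if directive == "auth_param" and tokens[1:2] == ["ntlm"]:
            findings.append((lineno, "ntlm-auth-param",
                             "remove unless plain NTLM is actually in use"))
        elif directive == "no_cache":
            # Detail is the line with "no_" removed, for the admin to re-read.
            findings.append((lineno, "obsolete-no-cache",
                             " ".join(["cache"] + tokens[1:])))
        elif directive == "acl" and tokens[2:3] == ["external"]:
            # Layout: acl <name> external <helper> <value> [<value> ...]
            values = tokens[4:]
            if any(v.endswith("\\") for v in values):
                # Detail is the list of group names the helper would test.
                findings.append((lineno, "backslash-group", values))
    return findings


if __name__ == "__main__":
    for lineno, code, detail in lint_squid_conf(SAMPLE_CONF):
        print(f"line {lineno}: {code}: {detail}")
```

The ACL that loads its group name from a quoted file path is not flagged, which is the form the reply recommends for names containing whitespace.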
