I wanted to test something, but not quite sure how to do it. I want
to see if my Intranet users can authenticate when they go to
'companyname-intranet' and are prompted for a login. When I enable
the proxy I'm unable to login to the Intranet, but when I disable the
proxy I can login. So I'm thinking its an issue with Squid and I need
to add something to Squid to allow authentication. I'm I incorrect in
this assessment? If so, how do I go about allowing access to that
site. Do I do this via an ACL?
On Wed, Jan 11, 2012 at 10:30 AM, berry guru <berryguru_at_gmail.com> wrote:
> I used the following tutorial online to configure Squid to
> authenticate with AD, but I still can't get this working. As most
> have seen, I also used a tutorial written by one of our mailing list
> members and that didn't work. Are others having this much trouble
> getting Squid to authenticate with there Active Directory server? So
> frustrating!
>
> Configuring Squid LDAP Authentication
>
> The first step is to configure Squid to authenticate
> usernames/passwords with the Active Directory. You will need to open
> your Squid configuration file (squid.conf) and make the following
> changes:
>
> Find the auth param section of the config file (TAG: auth_param), and
> change the auth param basic program line to look like this. (Indented
> text indicates one line)
>
> auth_param basic program /usr/lib/squid/ldap_auth -R
> -b "dc=vm-domain,dc=papercut,dc=com"
> -D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com"
> -w "password" -f sAMAccountName=%s -h 192.168.1.75
> auth_param basic children 5
> auth_param basic realm Your Organisation Name
> auth_param basic credentialsttl 5 minutes
>
> These settings tell Squid authenticate names/passwords in the Active Directory.
>
> The -b option indicated the LDAP base distinguished name of your
> domain. E.g. your.domain.com would be dc=your,dc=domain,dc=com
> The –D option indicates the user that is used to perform the LDAP
> query. (e.g an Administrator. This example uses the built-in
> Administrator user, however you can use another user of your choice.
> The –w option is the password for the user specified in the –D
> option. For better security you can store the password in a file and
> use the –W /path/to/password_file syntax instead
> -h is used to indicate the LDAP server to connect to. E.g. your
> domain controller.
> -R is needed to make Squid authenticate against Windows AD
> The –f option is the LDAP query used to lookup the user. In the
> above example, sAMAccountName=%s, will match if the user’s Windows
> logon name matches the username entered when prompted by Squid. You
> can search any value in the LDAP filter query. You may need to use an
> LDAP search query tool to help get the syntax correct for the –f
> search filter.
> The %s is replaced with what the user enters as their username.
>
> Remember to restart Squid to make these changes to come into effect.
Received on Wed Jan 11 2012 - 19:37:09 MST
This archive was generated by hypermail 2.2.0 : Thu Jan 12 2012 - 12:00:02 MST