[squid-users] Re: Configuring Squid LDAP Authentication

From: berry guru <berryguru_at_gmail.com>
Date: Wed, 11 Jan 2012 11:37:03 -0800

I wanted to test something, but I'm not quite sure how to do it. I want
to see if my Intranet users can authenticate when they go to
'companyname-intranet' and are prompted for a login. When I enable
the proxy I'm unable to log in to the Intranet, but when I disable the
proxy I can log in. So I'm thinking it's an issue with Squid and I need
to add something to Squid to allow authentication. Am I incorrect in
this assessment? If so, how do I go about allowing access to that
site? Do I do this via an ACL?

On Wed, Jan 11, 2012 at 10:30 AM, berry guru <berryguru_at_gmail.com> wrote:
> I used the following tutorial online to configure Squid to
> authenticate with AD, but I still can't get this working. As most
> have seen, I also used a tutorial written by one of our mailing list
> members and that didn't work. Are others having this much trouble
> getting Squid to authenticate with their Active Directory server? So
> frustrating!
>
> Configuring Squid LDAP Authentication
>
> The first step is to configure Squid to authenticate
> usernames/passwords with the Active Directory. You will need to open
> your Squid configuration file (squid.conf) and make the following
> changes:
>
> Find the auth param section of the config file (TAG: auth_param), and
> change the auth param basic program line to look like this. (Indented
> text indicates one line)
>
>    auth_param basic program /usr/lib/squid/ldap_auth -R
>        -b "dc=vm-domain,dc=papercut,dc=com"
>        -D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com"
>        -w "password" -f sAMAccountName=%s -h 192.168.1.75
>    auth_param basic children 5
>    auth_param basic realm Your Organisation Name
>    auth_param basic credentialsttl 5 minutes
>
> These settings tell Squid to authenticate names/passwords in the Active Directory.
>
>    The -b option indicates the LDAP base distinguished name of your
> domain. E.g. your.domain.com would be dc=your,dc=domain,dc=com
>    The -D option indicates the user that is used to perform the LDAP
> query (e.g. an Administrator). This example uses the built-in
> Administrator user, however you can use another user of your choice.
>    The -w option is the password for the user specified in the -D
> option. For better security you can store the password in a file and
> use the -W /path/to/password_file syntax instead.
>    -h is used to indicate the LDAP server to connect to. E.g. your
> domain controller.
>    -R is needed to make Squid authenticate against Windows AD.
>    The -f option is the LDAP query used to look up the user. In the
> above example, sAMAccountName=%s will match if the user's Windows
> logon name matches the username entered when prompted by Squid. You
> can search any value in the LDAP filter query. You may need to use an
> LDAP search query tool to help get the syntax correct for the -f
> search filter.
>    The %s is replaced with what the user enters as their username.
>
> Remember to restart Squid to make these changes come into effect.
Received on Wed Jan 11 2012 - 19:37:09 MST
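
Added example (not part of the original message or the quoted tutorial): a shell check for the helper line the tutorial describes. It flags a bind password passed with -w, a bind as the built-in Administrator, and a -W password file that group or others can read. The example.com names and 192.0.2.10 are constructed placeholders, and the script assumes the directive sits on one line with no spaces inside option values.

```shell
#!/bin/sh
# Audit the "auth_param basic program" line of a squid.conf (added example).
# Assumption: the directive is on one line and option values have no spaces.

audit_ldap_helper() {
    conf=$1
    fail=0

    # Pass 1: inline bind password (-w) and bind as the built-in Administrator.
    awk '
        $1 == "auth_param" && $2 == "basic" && $3 == "program" {
            for (i = 4; i <= NF; i++) {
                if ($i == "-w") {
                    printf "line %d: bind password given with -w; use -W secretfile\n", NR
                    bad = 1
                }
                if ($i == "-D" && tolower($(i + 1)) ~ /cn=administrator,/) {
                    printf "line %d: helper binds as Administrator; use a dedicated account\n", NR
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$conf" || fail=1

    # Pass 2: a -W password file must exist and be closed to group and others.
    for secret in $(awk '
        $1 == "auth_param" && $2 == "basic" && $3 == "program" {
            for (i = 4; i < NF; i++)
                if ($i == "-W") { gsub(/"/, "", $(i + 1)); print $(i + 1) }
        }' "$conf"); do
        if [ ! -f "$secret" ]; then
            echo "password file $secret: missing"; fail=1
        elif [ -n "$(find "$secret" \( -perm -040 -o -perm -004 \))" ]; then
            echo "password file $secret: readable by group or others; chmod 600"; fail=1
        fi
    done
    return $fail
}

# Constructed sample: the tutorial's helper line with placeholder names.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=example,dc=com" -D "cn=Administrator,cn=Users,dc=example,dc=com" -w "password" -f sAMAccountName=%s -h 192.0.2.10' > "$d/squid.conf"
    audit_ldap_helper "$d/squid.conf" && r=0 || r=$?
    rm -rf "$d"; return $r
}

# Usage: sh audit.sh --demo   or   sh audit.sh /etc/squid/squid.conf
if [ "${1:-}" = --demo ]; then demo; elif [ $# -gt 0 ]; then audit_ldap_helper "$1"; fi
```

A non-zero exit status means at least one finding was printed.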
