I came across this configuration online, but it still doesn't work. I
really thought I would have had it on this one, but still no go.
acl lan src 192.168.1.0/25
acl Intranet dstdomain intranet.int
acl lan-intranet dst 192.168.2.2
http_access allow lan
http_access allow Intranet
http_access allow lan-intranet
On Wed, Jan 11, 2012 at 11:37 AM, berry guru <berryguru_at_gmail.com> wrote:
> I wanted to test something, but not quite sure how to do it. I want
> to see if my Intranet users can authenticate when they go to
> 'companyname-intranet' and are prompted for a login. When I enable
> the proxy I'm unable to login to the Intranet, but when I disable the
> proxy I can login. So I'm thinking it's an issue with Squid and I need
> to add something to Squid to allow authentication. Am I incorrect in
> this assessment? If so, how do I go about allowing access to that
> site? Do I do this via an ACL?
>
> On Wed, Jan 11, 2012 at 10:30 AM, berry guru <berryguru_at_gmail.com> wrote:
>> I used the following tutorial online to configure Squid to
>> authenticate with AD, but I still can't get this working. As most
>> have seen, I also used a tutorial written by one of our mailing list
>> members and that didn't work. Are others having this much trouble
>> getting Squid to authenticate with their Active Directory server? So
>> frustrating!
>>
>> Configuring Squid LDAP Authentication
>>
>> The first step is to configure Squid to authenticate
>> usernames/passwords with the Active Directory. You will need to open
>> your Squid configuration file (squid.conf) and make the following
>> changes:
>>
>> Find the auth param section of the config file (TAG: auth_param), and
>> change the auth param basic program line to look like this. (Indented
>> text indicates one line)
>>
>>    auth_param basic program /usr/lib/squid/ldap_auth -R
>>        -b "dc=vm-domain,dc=papercut,dc=com"
>>        -D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com"
>>        -w "password" -f sAMAccountName=%s -h 192.168.1.75
>>    auth_param basic children 5
>>    auth_param basic realm Your Organisation Name
>>    auth_param basic credentialsttl 5 minutes
>>
>> These settings tell Squid to authenticate names/passwords in the Active Directory.
>>
>>    The -b option indicates the LDAP base distinguished name of your
>> domain. E.g. your.domain.com would be dc=your,dc=domain,dc=com
>>    The -D option indicates the user that is used to perform the LDAP
>> query (e.g. an Administrator). This example uses the built-in
>> Administrator user, however you can use another user of your choice.
>>    The -w option is the password for the user specified in the -D
>> option. For better security you can store the password in a file and
>> use the -W /path/to/password_file syntax instead
>>    -h is used to indicate the LDAP server to connect to. E.g. your
>> domain controller.
>>    -R is needed to make Squid authenticate against Windows AD
>>    The -f option is the LDAP query used to look up the user. In the
>> above example, sAMAccountName=%s, will match if the user's Windows
>> logon name matches the username entered when prompted by Squid. You
>> can search any value in the LDAP filter query. You may need to use an
>> LDAP search query tool to help get the syntax correct for the -f
>> search filter.
>>    The %s is replaced with what the user enters as their username.
>>
>> Remember to restart Squid for these changes to come into effect.
Received on Wed Jan 11 2012 - 23:28:02 MST
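
Added example (not part of the original message or of the quoted tutorial): a small audit of squid.conf text for the LDAP helper setup discussed above. It flags the inline -w bind password the tutorial itself advises replacing with -W, the built-in Administrator account used as the bind DN, and a configuration in which no http_access rule tests a proxy_auth ACL. The function name audit_squid_auth and the finding codes are assumptions made for this illustration.

```python
import shlex

# Constructed sample: the tutorial's helper line (joined onto one line)
# followed by the ACLs quoted at the top of the message.
SAMPLE_CONF = """\
auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=vm-domain,dc=papercut,dc=com" -D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com" -w "password" -f sAMAccountName=%s -h 192.168.1.75
auth_param basic children 5
acl lan src 192.168.1.0/25
acl Intranet dstdomain intranet.int
acl lan-intranet dst 192.168.2.2
http_access allow lan
http_access allow Intranet
http_access allow lan-intranet
"""

def audit_squid_auth(conf_text):
    """Return finding codes for an LDAP basic-auth setup in squid.conf text."""
    findings, auth_acls = [], set()
    helper_seen = auth_enforced = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = shlex.split(line)
        if tok[:3] == ["auth_param", "basic", "program"]:
            helper_seen = True
            args = tok[4:]  # tok[3] is the helper path
            if "-w" in args:
                # Bind password sits in squid.conf and in the helper's argv.
                findings.append("inline-bind-password")
            if "-D" in args[:-1]:
                bind_dn = args[args.index("-D") + 1].lower()
                if bind_dn.startswith("cn=administrator,"):
                    findings.append("privileged-bind-dn")
        elif tok[0] == "acl" and len(tok) > 2 and tok[2] == "proxy_auth":
            auth_acls.add(tok[1])
        elif tok[0] == "http_access":
            # Credentials are requested when an http_access rule tests a
            # proxy_auth ACL (only that ACL type is checked here).
            if any(t.lstrip("!") in auth_acls for t in tok[2:]):
                auth_enforced = True
    if helper_seen and not auth_enforced:
        findings.append("no-proxy-auth-rule")
    return findings

if __name__ == "__main__":
    for code in audit_squid_auth(SAMPLE_CONF):
        print(code)
```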