Solved

How to configure Squid in Linux with Windows Active Directory authentication

Posted on 2008-09-29
Last Modified: 2013-12-16
We are using Windows Active Directory. I have installed Squid on Red Hat Linux. I want to go for authentication. How do I configure Squid with Active Directory (Windows users) authentication? Give me a detailed description.
Question by:krishgudd
3 Comments
 

Expert Comment

by:FourBeers
ID: 22603186
Please note this is a quote from a link so check this for more details...
http://www.papercut.com/kb/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory

Configuring Squid LDAP Authentication
The first step is to configure Squid to authenticate usernames/passwords with the Active Directory. You will need to open your Squid configuration file (squid.conf) and make the following changes:

Find the auth param section of the config file (TAG: auth_param), and change the auth param basic program line to look like this. (Indented text indicates one line)

    auth_param basic program /usr/lib/squid/ldap_auth -R
        -b "dc=vm-domain,dc=papercut,dc=com"
        -D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com"
        -w "password" -f sAMAccountName=%s -h 192.168.1.75
    auth_param basic children 5
    auth_param basic realm Your Organisation Name
    auth_param basic credentialsttl 5 minutes

These settings tell Squid to authenticate names/passwords in the Active Directory.

The -b option indicates the LDAP base distinguished name of your domain. E.g. your.domain.com would be dc=your,dc=domain,dc=com
The -D option indicates the user that is used to perform the LDAP query (e.g. an Administrator). This example uses the built-in Administrator user, however you can use another user of your choice.
The -w option is the password for the user specified in the -D option. For better security you can store the password in a file and use the -W /path/to/password_file syntax instead.
-h is used to indicate the LDAP server to connect to. E.g. your domain controller.
-R is needed to make Squid authenticate against Windows AD.
The -f option is the LDAP query used to look up the user. In the above example, sAMAccountName=%s will match if the user's Windows logon name matches the username entered when prompted by Squid. You can search any value in the LDAP filter query. You may need to use an LDAP search query tool to help get the syntax correct for the -f search filter.
The %s is replaced with what the user enters as their username.
Remember to restart Squid for these changes to come into effect.
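A hardened form of the helper line from the comment above, set beside the posted one. This is an added example, not part of the quoted article; the bind account `svc-squid`, the secret file path and the host name `dc01.your.domain.com` are assumed placeholders.

```conf
# squid.conf fragment (added example). Each auth_param entry must be one line.

# As posted: the bind password sits in squid.conf and on the helper's command
# line (visible in the process list), the bind user is the built-in
# Administrator, and the LDAP bind to the server is unencrypted.
#auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=vm-domain,dc=papercut,dc=com" -D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com" -w "password" -f sAMAccountName=%s -h 192.168.1.75

# Hardened:
#   -D       dedicated account that only needs to search the directory
#            (svc-squid is an assumed name, not from the page)
#   -W       bind password read from a file; keep the file readable only by
#            the account Squid's helpers run as (mode 0600); path is assumed
#   -v 3 -Z  LDAPv3 with StartTLS, so the bind password and every user's
#            password are encrypted on the way to the domain controller
#   -h       server addressed by the name in its certificate (assumed name);
#            the issuing CA must be trusted by the LDAP client library
auth_param basic program /usr/lib/squid/ldap_auth -R -v 3 -Z -b "dc=your,dc=domain,dc=com" -D "cn=svc-squid,cn=Users,dc=your,dc=domain,dc=com" -W /etc/squid/ldap_bind.secret -f sAMAccountName=%s -h dc01.your.domain.com
auth_param basic children 5
auth_param basic realm Your Organisation Name
auth_param basic credentialsttl 5 minutes
```

The `-Z` option protects only the hop from Squid to the directory; with the Basic scheme the browser still sends the user's password base64-encoded to the proxy on every request.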
 

Accepted Solution

by:
WizRd-Linux earned 1500 total points
ID: 22613284
auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

This is the configuration to help you with "transparent" authentication against AD.  In other words, it stops the username / password box popping up every time your users open a new browser.  This does require that winbind is working.

Check out http://www.cyberciti.biz/faq/squid-ntlm-authentication-configuration-howto/ for a step by step guide.
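The `auth_param` lines in the answer above only define the helpers; Squid challenges a client only when an `http_access` rule refers to a `proxy_auth` ACL. The fragment below is an added example, not part of the original answer, and the ACL name `ad_users` is an assumption.

```conf
# squid.conf fragment (added example). Helper paths and values as posted above.

# Schemes are offered to the browser in the order they appear here. A
# domain-joined browser answers the NTLM challenge with the logged-on user's
# credentials, so no prompt appears and the user name still reaches
# access.log. Clients that cannot do NTLM fall back to Basic and are prompted.
auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

# ntlm_auth talks to winbindd, so the host must be joined to the domain and
# winbind must be running. "wbinfo -t" checks the machine trust secret and
# "wbinfo -u" lists domain users; both should succeed before Squid is started.

# Enforcement: require a successfully authenticated user, deny everyone else.
# http_access rules are evaluated top to bottom and the first match wins, so
# these lines must come before any broader allow rule (for example one that
# allows a whole source network), or those clients are never challenged.
acl ad_users proxy_auth REQUIRED
http_access allow ad_users
http_access deny all
```

Removing the four `auth_param ntlm` lines leaves Basic as the only offered scheme, in which case every browser shows the username/password prompt.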
 

Author Comment

by:krishgudd
ID: 22621592
If we implement the above one, in the Squid access log file I am able to see the Windows user names, but I want to configure it in such a way that when any user wants to access the internet, the Squid proxy has to ask for authentication, and once the user provides his/her username and password it has to allow access.

But in my case it's not asking for a username and password, but it's showing the usernames in the Squid access log files. Give your valuable suggestions.
Thanks in advance
Krishgudd

Question has a verified solution.
