Old 04-23-2009, 05:59 AM   #1
lentaylor
squid with Active Directory authentication


Hi, I am new to Squid and I am having a few problems setting up Active Directory authentication.


I have Squid running on a Windows XP computer in a Windows Server 2003 domain.
I would like to have all internet access proxy through this computer and then log:
- the user that was logged on
- the computer that they were on
- the website they go to
- the time

The domain name is: school.internal.net

When I run Squid and open a web page, it asks for a username and password. When I do that, Squid stops and says: Squid Cache (Version 2.7.STABLE2): Terminated abnormally.

Here is the config file I have.

I would be very thankful for any help.

Squid.conf

# Squid port is 3128; change it if you like
http_port 3128

# disable icp
icp_port 0

# some acls
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

#Squid LDAP Authentication
auth_param basic program /squid/libexec/squid_ldap_auth.exe -R
-b "dc=school,dc=internal,dc=net"
-D "cn=administrator,cn=Users,dc=school,dc=internal,dc=net"
-w "the password" -f sAMAccountName=%s -h 10.35.123.4
auth_param basic children 5
auth_param basic realm davenant.internal.net
auth_param basic credentialsttl 6 minutes


acl localnet proxy_auth REQUIRED src 10.35.123.0/22
#acl localnet src 10.35.123.0/22

acl localhost src 127.0.0.1/255.255.255.255
http_access allow localnet
http_access allow localhost

# Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
#acl localnet src 10.35.123.0/22

acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 3128 # SWAT
Safe_ports port 901 # squid
acl purge method PURGE
#acl CONNECT method CONNECT
#acl FTP proto FTP


# Only allow cachemgr access from localhost
#http_access allow all manager localhost
# Only allow purge requests from localhost
http_access allow purge
# localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
#http_access deny CONNECT !SSL_ports

# my own rules
http_access allow all localhost localnet
# And finally deny all other access to this proxy
#http_access deny all
cache.log
squid.conf
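
A squid.conf fragment for the goal described in the first post (authenticate against AD over LDAP, then log user, client address, URL and time), as an added example that is not part of the original thread. The squid-bind account, the secret file and the log path are assumptions; the other values are reused from the posted config.

```conf
# Added example, not the poster's file. Hypothetical values: the squid-bind
# account, the secret-file path and the access.log path (c:/squid install assumed).

# --- Authentication helper (one directive, written on one line) ---
# Bind as a dedicated low-privilege account instead of the domain administrator,
# and read its password from a file (-W) so it is not stored in squid.conf.
auth_param basic program /squid/libexec/squid_ldap_auth.exe -R -b "dc=school,dc=internal,dc=net" -D "cn=squid-bind,cn=Users,dc=school,dc=internal,dc=net" -W c:/squid/etc/ldap_bind.secret -f sAMAccountName=%s -h 10.35.123.4
auth_param basic children 5
auth_param basic realm davenant.internal.net
auth_param basic credentialsttl 6 minutes

# --- ACLs: one type per acl line ---
# As posted (a single acl cannot be both proxy_auth and src):
#   acl localnet proxy_auth REQUIRED src 10.35.123.0/22
acl all       src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl localnet  src 10.35.123.0/22
acl ad_users  proxy_auth REQUIRED

# --- Access rules: the first matching line wins ---
# ACLs on one http_access line are ANDed, so the second rule requires a
# client inside localnet AND a valid AD login. src is tested first, so
# only local clients are ever challenged for credentials.
http_access allow localhost
http_access allow localnet ad_users
http_access deny all

# --- Logging: time, client address, user, method, URL, status ---
# %un is the authenticated user name from the proxy_auth check.
# %>a is the client IP address, which identifies the computer.
logformat userlog %tl %>a %un %rm %ru %Hs
access_log c:/squid/var/logs/access.log userlog
```

Running `squid -k parse` against the edited file reports syntax errors before the service is restarted.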
 
Old 04-23-2009, 12:24 PM   #2
okcomputer44
Hi,

First you need this to work properly: http://www.linuxmail.info/active-dir...amba-centos-5/
This is for the Samba stuff, to join the Linux machine to AD.

I had a problem before with the Samba version.
Be sure to update Samba. It has to work straight away.
In a Linux terminal, wbinfo -g -u ==>> shows AD groups/users.

Then this part for the Squid authentication: http://www.linuxmail.info/squid-acti...y-integration/

After both work properly:

I installed the mysar PHP util. This is a browser-integrated PHP Squid log analyzer: http://giannis.stoilis.gr/software/m...ndex.php?id=24

So the system administrator can analyze every visited site with time/date downloads and can sort it as he wishes.

I made it for a friend of mine; he was absolutely amazed because he has got nearly a full MS ISA server (1500). And I made a full integration into Active Directory with group policy stuff.

So users under organizational unit ==>> groups have got a default proxy and forced configuration. Actually you will be able to manage the users under Windows.

Anyway, if you have a problem let me know and I'll try to help you.

Laz
 
  

