-   Linux - Networking (
-   -   squid with Active Directory authentication (

lentaylor 04-23-2009 05:59 AM

squid with Active Directory authentication
HI I am new to squid and I am having a few problems setting up Active Directory authentication

I have squid running on a windows xp computer in a windows server 2003 domain
I would like to have all internet access to proxy through this computer and then log
The user that was logged on
The computer that they were on
And the website they go to
And the time

The domain name is:

When I run squid and open a webpage itís asked for a username and password when I do that squid stops and says Squid Cache (Version 2.7.STABLE2): Terminated abnormally.

Here is the config file I have

I would be very thankful for any help.


# Squid port is 3128; change it if you like
http_port 3128

# disable icp
icp_port 0

# some acls
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

#Squid LDAP Authentication
auth_param basic program /squid/libexec/squid_ldap_auth.exe -R
-b "dc=school,dc=internal,dc=net"
-D "cn=administrator,cn=Users,dc=school,dc=internal,dc=net"
-w "the password" -f sAMAccountName=%s -h
auth_param basic children 5
auth_param basic realm
auth_param basic credentialsttl 6 minutes

acl localnet proxy_auth REQUIRED src
#acl localnet src

acl localhost src
http_access allow localnet
http_access allow localhost

# Recommended minimum configuration:
acl all src
acl localhost src
#acl localnet src

acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 3128 # SWAT
Safe_ports port 901 # squid
acl purge method PURGE
#acl FTP proto FTP

# Only allow cachemgr access from localhost
#http_access allow all manager localhost
# Only allow purge requests from localhost
http_access allow purge
# localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
#http_access deny CONNECT !SSL_ports

# my own rules
http_access allow all localhost localnet
# And finally deny all other access to this proxy
#http_access deny all

okcomputer44 04-23-2009 12:24 PM


you need first this to work properly:
This is for the samba staff to join the Linux into AD.

I had problem before with the samba version.
Be sure to update the samba. It has to work straight away.
Under Linux terminal wbinfo -g -u ==>> shows AD groups/users.

Then this part for the squid authentication:

After both works properly.

I installed the mysar php util. This is a browser integrated php squid log analyzer :

So the system administrator can analyze every visited sites with time/date downloads and can sort it as he wishes.

I made it for a friend of mine he was absolutely amazed because he has got nearly a full MS ISA server(£1500). And I made a full integration into Active Directory with group policy staff.

So users under organizational unit ==>> groups have got a default proxy and forced configuration. Actually you will be able to manage the users under Windows.

Anyway if you have problem let me know and Iīll try to help you.


All times are GMT -5. The time now is 11:34 AM.