LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-13-2014, 06:10 AM   #1
ramin1981
LQ Newbie
 
Registered: Feb 2013
Posts: 11

Rep: Reputation: Disabled
Squid and Microsoft AD configuration


Dear forum users.
I installed squid and samba on CentOS 6.6.
I need a help to authentication between squid and AD.
My squid.conf file is as below.
------------------------------------
cache_dir ufs /etc/squid/cache 2048 16 256
tcp_outgoing_address 192.168.23.241
error_directory /usr/share/squid/errors/en
memory_pools on
memory_pools_limit 2048 MB
visible_hostname appsrv1.matanata.net
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
dns_nameservers 8.8.4.4 8.8.8.8 192.168.22.10
hierarchy_stoplist cgi-bin ?
### Auth ntlm
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm keep_alive on
### Auth basic
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 hours
auth_param basic casesensitive off
cache_mgr aabdullayev@matanata.az
http_port 192.168.23.241:3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
########
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour
### For AD Groups
external_acl_type nt_group %LOGIN /usr/lib/squid/wbinfo_group.pl
#!
#acl manager proto cache_object
#acl localhost src 127.0.0.1/32

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 8080 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl hznsrvva1 src 192.168.67.61
acl wmvareupdmanager src 192.168.67.18
acl x_internet_users_1 external nt_group internet_users_1
acl x_internet_users_2 external nt_group internet_users_2
acl x_internet_users_3 external nt_group internet_users_3
acl x_internet_users_4 external nt_group internet_users_4
###>!!!<###
##STATIC ACL##
#acl lan src 192.168.1.0/24
#acl lan1 src 192.168.23.0/24
acl emin-desk src 192.168.1.145
acl ict2-pc src 192.168.1.212
acl ict1-pc src 192.168.1.111
acl fr3-pc src 192.168.1.176
acl fr2-pc src 192.168.1.174
acl elxan-vaio src 192.168.1.186
acl zyxel-wi-fi-ap src 192.168.1.249
acl rufat-think1 src 192.168.1.180
acl rufat-think2 src 192.168.1.159
acl fuad-bashirov src 192.168.1.75
acl rufat-android src 192.168.1.200
acl rufat-tpt2-1 src 192.168.1.167
acl rufat-tpt2-2 src 192.168.1.158
##/-STATIC ACL-/##
acl ip url_regex http://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[:/]
acl ip url_regex https://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[:/]
acl ip_ftp url_regex ftp://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[:/]
acl activate_adobe dstdomain activate.adobe.com
acl download url_regex -i \.mpe$ \.psd$ \.qt$ \.mp4$ \.3gp$ \.avi$ \.flv$ \.flac$ \.iso$ \.raw$ \.mov$ \.vqf$ \.tar$ \.gz$ \.rpm$ \.mp3$ \.asx$ \.wma$ \.wmv$ \.avi$ \.rar$ \.mpeg$ \.mpg$ \.qt$ \.ram$ \.rm$ \.iso$ \.wav$ \.zip$ \.exe$
acl dropbox_download dstdomain .dropboxusercontent.com
acl porn dstdomain "/etc/squid/acl/squid-porn.acl"
acl torrent url_regex -i "/etc/squid/acl/squid-torrent.acl"
acl proxy dstdomain "/etc/squid/acl/squid-proxies.acl"
acl ads url_regex -i "/etc/squid/acl/squid-ads.acl"
#acl mail dstdom_regex "/etc/squid/acl/mail/domains"
acl mail dstdomain "/etc/squid/acl/mail/domains"
acl malicious dstdomain "/etc/squid/acl/squid-malicious.acl"
acl social dstdomain "/etc/squid/acl/social/domains"
acl externald url_regex -i "/etc/squid/acl/external/domains"
acl externalu url_regex -i "/etc/squid/acl/external/urls"
acl QUERY urlpath_regex cgi-bin \?
http_access allow manager localhost
http_access deny manager
http_access deny activate_adobe
http_access allow hznsrvva1
#http_access allow lan
#http_access allow lan1
http_access allow wmvareupdmanager
http_access allow emin-desk
http_access allow ict2-pc
http_access allow ict1-pc
http_access allow fr3-pc
http_access allow fr2-pc
http_access allow elxan-vaio
http_access allow zyxel-wi-fi-ap
http_access allow rufat-think1
http_access allow rufat-think2
http_access allow fuad-bashirov
http_access allow rufat-android
http_access allow rufat-tpt2-1
http_access allow rufat-tpt2-2
###LEVEL 1###
http_access allow x_internet_users_1
###LEVEL 1###
#deny_info ERR_ACCESS_DENIED
#deny_info ERR_ACCESS_DENIED proxy
###LEVEL 2###
http_access allow !mail !ads !dropbox_download !proxy !download !torrent !porn !malicious !externald !externalu x_internet_users_2
###//LEVEL 2###
#deny_info http://192.168.23.6/1x1-pixel.png ads
#deny_info http://192.168.23.6/1x1-pixel.png proxy
#deny_info http://192.168.23.6/logo.jpg social
#http_access deny proxy x_internet_users_3
###LEVEL 3###
http_access allow !social !malicious !ads !torrent !porn !proxy !externald !externalu !ip !ip_ftp !mail x_internet_users_3
###//LEVEL 3###
#deny_info http://192.168.23.6/1x1-pixel.png x_internet_users_3
###LEVEL 4###
http_access allow !dropbox_download !ads !malicious !torrent !download !porn !proxy !externald !externalu !ip !ip_ftp !mail !social x_internet_users_4
###//LEVEL 4###
http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
no_cache deny QUERY
http_access deny all
_______________________________________________________
Where is the mistake?
 
Old 11-13-2014, 09:20 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,553

Rep: Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946Reputation: 7946
Quote:
Originally Posted by ramin1981 View Post
Dear forum users.
I installed squid and samba on CentOS 6.6. I need a help to authentication between squid and AD. My squid.conf file is as below.

Where is the mistake?
Again, as you were told in the first thread you posted, unless you post an actual ERROR, what do you think we'll be able to help with? You've told us what you WANT, but have given us NO details or problems to help with. And this is also like your other thread, where you asked about squidguard....and again, please don't ask people to look things up for you; read the Question Guidelines link in my posting signature.

Go read the Squid documentation on their website; it has examples and tells you how to do this. If you still need help, then post an actual ERROR, along with relevant details from both the AD and Linux server, and we can try to assist. But we're not going to look things up for you again.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid authentication against Microsoft's Active Directory trueno_ray Linux - Server 2 12-30-2010 09:11 PM
Problem with configuration of Squid server behind a squid ajitup Linux - Server 13 08-12-2009 10:55 PM
squid configuration er.pankajg General 3 03-13-2006 12:55 AM
Squid: special configuration for remote Squid server hamish Linux - Software 0 12-06-2005 03:58 PM
squid on Microsoft network tuxvader Linux - Networking 8 07-15-2004 03:54 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:59 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration