LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 08-31-2006, 09:27 PM   #1
win2Linux
LQ Newbie
 
Registered: Aug 2006
Posts: 2

Rep: Reputation: 0
Squid Proxy server help


Hi,

First of all, I am very new to linux / unix.

I am trying to install squid3 and squidGuard to block websites. I have only one desktop with freespire loaded. The computer is used by 4 different people. Hence I want to have user based Internet access.

I installed the squid 2.6 stable package from freespire website. It works great, except it does not pass the login userid to squidGuard, and hence all access rules in squidGuard is useless.

I tried few options such as %LOGIN, %IDENT etc in squid.conf, but no success.

Went through lot of google search and many websites to figure out how to implement the squid and squidGuard with user athentication, but so far not successful.

Looking at many sites and user groups, tells me I need to compile squid with authentication options, (I understand, packaged squid does not include the auth programs) but I am not sure how to do it.

All I need the login user id to be sent to SquidGuard, so that I can have different rules (for my self) and restricted rules for my kids.

I am hoping someone will guide me how can I achieve the user based internet rules either using squid/squidGuard or some thing else.

Thanks
Win2Linux
 
Old 09-01-2006, 05:16 AM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Quote:
Originally Posted by win2Linux
Looking at many sites and user groups, tells me I need to compile squid with authentication options, (I understand, packaged squid does not include the auth programs) but I am not sure how to do it.
So would instructions on how to compile squid get you up and running? If so, do you know the specific option(s) you need to compile with?

Disclaimer: I compiled squid once several months ago, but have not yet gotten around to figuring out how to use it, so my knowledge here is not immense!
 
Old 09-01-2006, 04:34 PM   #3
win2Linux
LQ Newbie
 
Registered: Aug 2006
Posts: 2

Original Poster
Rep: Reputation: 0
Hi,

I can use ./configure , make and make install command to compile and install SQUID.

I am actually looking for options to be used with ./configure command for including the basic authentication module inclusion in SQUID.

When i use ./configure --help, the command lists many enable , disable options. I am not sure, which one pick. Also for authentication, some helper modules need to be included in configure option.

Please advise which options for ./configure I should use.

Thanks
Win2Linux.
 
Old 09-03-2006, 10:53 AM   #4
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
O.K. I did some checking. Just for reference, I am consulting (and quoting from) the user guide Copyright (c) 2003 Oskar Pearson, and the source code for squid that I have is 2.5.STABLE13. (My directory structure follows that of the guide, namely squid is installed at /usr/local/squid.)

In the section "Username/Password pair," the guide says:

Quote:
Squid uses modules to do user authentication, rather than including code to do it directly. The default Squid source does, however, include two standard modules; The first authenticates users from a file, the other uses SMB (Windows NT) authentication. These modules are in the auth_modules directory in the source directory. These modules are not compiled when you compile Squid itself, and you will need to chooes an authentication module and run make in the appropriate directory. If the compile goes well, a make install will place the program file in the /usr/local/squid/bin/ directory and any config files in the /usr/local/squid/etc/ directory.

NCSA authentication is the easiest to use, since it's self contained. The SMB authentication program requires that SAMBA be installed, since it effectively talks to the NT server through SAMBA.

The squid.conf file uses the authenticate_program tag to decide which external program to use to authenticate users. If Squid were to only start one authentication program, a slow username/password lookup could slow the whole cache down (while all other connections waited to be authenticated). Squid thus opens more than one authentication program at a time, sending pending requests to the second when the first is busy, the third when the second is and so forth. The actual number started is specified by the authenticate_children squid.conf value. The default number started is five, but if you have a heavily loaded cache then you will need to increase this value.
So I am interpreting this to mean you can either use an authentication module you have obtained from elsewhere, or you can use one of the two (several? see below) that are included in the squid source code. In either case you must tell squid about it in squid.conf.

I could not find an auth_modules directory. At one point I thought squid-2.5.STABLE13/src/auth might contain what the author was referring to. While there were subdirectories that looked promising, I could not get the make command to do anything useful in these directories.

So there appears to be several inaccuracies in what I quoted above, possibly due to modifications since 2003. I now believe that the source directories for the authentication modules provided with squid are subdirectories of squid-2.5.STABLE13/helpers/basic_auth. There appear to be at least six of these, including NCSA, MSNT, and MSB. To use one of the provided modules, you need to cd into the directory for the method you want to use and run make and make install. My guess is you need to do this after doing the initial ./configure for squid (I am not aware of any specific options you need to give configure for authentication, but I could be wrong). Contrary to the quoted passage, the resulting module is installed in /usr/local/squid/libexec. (I tried to compile and install from all of the subdirectories of basic_auth using for loops for automation. It looked to me like there were some errors, which might be the reason it didn't appear that all the directories produced a module, but I didn't really investigate it.)

Without actually having used this myself, that's probably about the limit of the help I can provide you. I hope this has been of some help. If you learn more, by all means post back so others can learn from this thread.

Good luck.
 
  


Reply

Tags
squidguard


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
squid proxy server configuration & distribution of internet without proxy gaurav_gupta082 Linux From Scratch 2 07-31-2010 12:25 PM
Need help to connect a squid proxy to connect to another squid proxy server bellerophon Linux - Newbie 1 02-07-2006 07:52 AM
squid proxy server msound Linux - Networking 4 06-01-2005 12:59 PM
Squid (proxy server) and FTP Zingaro2002 Linux - Networking 0 11-05-2003 10:42 AM
squid proxy server cmardhekar Linux - Newbie 0 09-29-2001 06:34 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 09:22 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration