Hello,

Just wondering if someone would be able to help me get squid running and off the ground. I know it can be done pretty quickly and easily with FreeBSD but I was wondering what other distro's it works well with. Currently i'm trying to install it on Gentoo. Anyhow I have it compiled and installed but after that if someone would be able to help me with a typically config file that would be great. I just want it to be used as a typical caching proxy with LDAP authentication with Active Directory so I can restrict access with a group in AD.

Ohh also I was wondering if there was a way that you can setup the information via webbrowser to view once its up and running.

Thanks in advance,

well i'd suggest you go with Fedora as a distro, very easy to use squid with it and then check out my website listed below for information about running ldap client to authenicate against Active directory and squid with PAM authenication.

or NTLM authenication with squid and joining a linux box to the domain using winbind.

there is a heap of information on my website, just check it out.

Thanks, I will see what I can do with thouse how to documents. If I want to authenticate say a users group called httprestricted in active directory from getting onto the internet via Squid would I only have to use OpenLDAP or would I have to use PAM as well?

Also once squid is up and running is there anyway to push the cached information to a web based interface to see the results and statics ?

there are plently of squid report generators and things of that nature, i've never had any need for any of them so i havn't look that much into them, but fedora has one by default ... but i can't remember what it's called, hit google and searhc for 'squid log analyzer' & 'squid report generators'.

As for your first question, i've never restricted only one group from getting on the internet before, but i image if you had an ou=group called, ou=http,dc=example,cd=com and then your had all your other users in ou=group,dc=example,cd=com. then you could point LDAP to the http group and it wouldn't let the otheres acccess the internet.

Yeah I think that would work perfect as what I want to do is have a group in AD called httprestricted. So whenever I want to restrict a user from all internet access I can just add them to that group memebership. If I have to creat a second group called httpallow to allow users internet access I'll do that to, not sure if its nessary tho, but I would only have to use OpenLDAP for this right ? I wouldn't have to bother with PAM

thats right, you'd only need ldap, but i've never used ldap before, only pam and ntlm, so you'll have to look up ldap and squid.

Thanks for your help, i'll post in here if I run into any bumps in the road.