Wednesday, September 14, 2011

Authenticate Squid Proxy with Win2008 R2 AD

- Squid Cache: Version 2.6.STABLE23

vi /etc/squid/squid.conf

auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=mmx,dc=com" -D cn=squid,cn=users,dc=mmx,dc=com -w password -f "(&(objectclass=person)(sAMAccountName=%s))" -h 10.10.10.1

OR (to match on userPrincipalName instead of sAMAccountName)

auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b "dc=mmx,dc=com" -D cn=squid,cn=users,dc=mmx,dc=com -w password -f "(&(objectclass=person)(userPrincipalName=%s))" -h 10.10.10.1

auth_param basic children 5
auth_param basic realm (Proxy Authentication)
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl authenticated_user proxy_auth REQUIRED
acl local_networks src 10.10.10.0/24 172.16.1.0/24
acl BlkURL url_regex -i www.sex.com www.plineworld.com www.playboy.com www.pmates.com www.virusbursters.com dl1.virusbursters.com www.sexkey.com www.adult-kingdom.com www.pmates.com www.fuckmyteens.com www.anal-assute.com www.bangindahood.com www.free-girls-on-girls-movies.com www.freeadultarchives.com www.allthebestsex.com q-net.games.tucows.com www.thebiggestbreasts.com www.fuckingmotherfucker.com www.pornstar-devon.tv www.bastardly.com www.fuckingoldersister.com www.friendster.com www.metacafe
http_access allow local_networks authenticated_user !BlkURL

Save squid.conf.

Open a browser and log in with either:

- sAMAccountName and password (user-1/password)

- UPN and password (user-1@mmx.com/password)

Note: you can test authentication from the CLI.

Install openldap-clients, or compile Squid with the following options:

--enable-basic-auth-helpers=LDAP --enable-external-acl-helpers=ldap_group

# ldapsearch -D "user-1@mmx.com" -x -W -b "dc=mmx,dc=com" -h 10.10.10.1
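A small audit of the helper line configured above, added here as an example and not part of the original post: it flags the bind password passed inline with -w and an LDAP connection that uses neither -Z nor an ldaps:// URI. The option list is taken from squid_ldap_auth(8) and should be checked against your build; the function names and sample text are constructed for illustration.

```python
import shlex

# Options of squid_ldap_auth that take a value, per squid_ldap_auth(8);
# verify against the man page of your build.
VALUE_OPTS = set("-b -f -u -s -D -w -W -H -h -p -a -v -c -t -E".split())

# Constructed sample: the helper line from this page (sAMAccountName variant).
SAMPLE_CONF = (
    'auth_param basic program /usr/lib/squid/squid_ldap_auth -R '
    '-b "dc=mmx,dc=com" -D cn=squid,cn=users,dc=mmx,dc=com -w password '
    '-f "(&(objectclass=person)(sAMAccountName=%s))" -h 10.10.10.1\n'
    'auth_param basic children 5\n'
)

def parse_helper_opts(argv):
    """Map each option to its value (or True for a bare flag)."""
    opts, i = {}, 0
    while i < len(argv):
        if argv[i] in VALUE_OPTS and i + 1 < len(argv):
            opts[argv[i]] = argv[i + 1]
            i += 2
        else:
            opts[argv[i]] = True
            i += 1
    return opts

def audit_ldap_helper(conf_text):
    """Return (line_no, finding) pairs for squid_ldap_auth helper lines."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        if "squid_ldap_auth" not in raw:
            continue
        args = shlex.split(raw, comments=True)  # drops '#' comment lines
        if args[:3] != ["auth_param", "basic", "program"] or len(args) < 4:
            continue
        opts = parse_helper_opts(args[4:])
        if "-w" in opts:
            findings.append((no, "bind password given with -w: readable in "
                             "squid.conf and in the process list; use -W <secretfile>"))
        ldaps = str(opts.get("-H", "")).lower().startswith("ldaps://")
        if "-Z" not in opts and not ldaps:
            findings.append((no, "no -Z (TLS) and no ldaps:// URI: bind and "
                             "user passwords reach the directory in cleartext"))
    return findings

if __name__ == "__main__":
    for no, msg in audit_ldap_helper(SAMPLE_CONF):
        print(f"squid.conf:{no}: {msg}")
```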

http://www.linuxquestions.org/linux/articles/technical/configuring_transparent_web_proxy_using_squid_27stable9
http://people.redhat.com/jskala/squid/squid-2.7.STABLE9-1.el5/i386/