If you want to use 'Basic' Auth, whereby when a user requests access to the internet they are asked for their Active Directory username and password, you need to define a few things.
First, the source of the authentication, in this case the LDAP service from your Active Directory server.
Something like this:
auth_param basic program /usr/lib/squid/ldap_auth -b <BaseDN of where active directory is> -f (cn=%s) -H ldap://active_directory_hostname
Next is a new type of ACL (access control list) called 'external', which makes Squid consult another source to find out whether some object is allowed or not. Something like this:
external_acl_type internetusersgroup %LOGIN /usr/lib/squid/squid_ldap_group -b <BaseDN where active directory is> -f (&(cn=%u)(memberOf=%g)) -H ldap://active_directory_host -S
Then you need to define an ordinary ACL that calls the proxy authentication request - so the user sees the username/password dialog:
acl authenticate_user proxy_auth REQUIRED
Finally, an ACL that says: ask the external ACL type you defined if the user is in the group:
acl internetusers external internetusersgroup cn=internetusers,<BaseDN of active directory as above>
Then you can say:
http_access allow internetusers authenticate_user
So if the user enters their credentials AND is in the Active Directory group you defined, then they will be allowed access.
Obviously you will need more settings, such as further http_access rules for your site, and there are several timeout settings associated with this setup.
The various components are reasonably well documented. Most of the answers are there.
cheers
r.
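A consolidated squid.conf fragment that puts the pieces from the reply above together, added here as an illustration and not part of the original poster's configuration. The BaseDN dc=example,dc=com, the domain controller dc1.example.com, the bind account cn=squid,cn=Users,... and the ou=Groups path are placeholders, and it uses sAMAccountName instead of cn as the lookup attribute because in Active Directory that attribute holds the login name.

```text
# Added example (not the original poster's config). Replace the placeholders:
#   dc=example,dc=com                      BaseDN of the AD domain
#   dc1.example.com                        a domain controller
#   cn=squid,cn=Users,dc=example,dc=com    a low-privilege, read-only bind account
#   <bind-password>                        its password
# Active Directory refuses anonymous searches by default, hence -D/-w on both helpers.

# 1. Authentication source: verify the typed username/password against AD over LDAP.
#    sAMAccountName is the AD login name; cn is usually the display name.
auth_param basic program /usr/lib/squid/ldap_auth -b "dc=example,dc=com" -f "(sAMAccountName=%s)" -D "cn=squid,cn=Users,dc=example,dc=com" -w "<bind-password>" -H ldap://dc1.example.com
auth_param basic children 5
auth_param basic realm Company internet proxy
# How long a successfully verified password is cached before the helper is asked again.
auth_param basic credentialsttl 2 hours

# 2. External ACL type: ask AD whether the authenticated user (%LOGIN) is in a given group.
#    ttl=300 caches each answer so the domain controller is not queried on every request.
#    -S strips a DOMAIN\ prefix from the username before the lookup.
#    memberOf only matches direct membership, not nested groups.
external_acl_type internetusersgroup ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -b "dc=example,dc=com" -f "(&(sAMAccountName=%u)(memberOf=%g))" -D "cn=squid,cn=Users,dc=example,dc=com" -w "<bind-password>" -H ldap://dc1.example.com -S

# 3. Ordinary ACL that forces the browser's credential prompt.
acl authenticate_user proxy_auth REQUIRED

# 4. Group-membership ACL: %g in the filter is replaced by the group DN given here.
acl internetusers external internetusersgroup cn=internetusers,ou=Groups,dc=example,dc=com

# 5. Access rules: ACLs on one http_access line are ANDed. Put the proxy_auth ACL first so
#    the user is challenged before the group lookup runs, and finish with an explicit deny
#    so anyone not matched above is refused.
http_access allow authenticate_user internetusers
http_access deny all
```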
AybOwan!
This is my first question for the list.
I want to deploy a proxy server for my company to manage authentication for internet users. Our main network is running on a Windows 2000 Server domain. I created a group on Active Directory called "internetusers". I need to enable all "internetusers" group members to browse the internet. How can I do this by deploying a squid-cache proxy server?
Linux distro: Mandrake 10.2 Official
Windows version: Windows 2000 Server
Have 1 ADSL router + 2 NICs.
Can you please guide me to succeed with my project?
-- Linux everywhere