Pavan Kumar Mahoorker wrote:
Hi all,
I have configured SQUID as HTTP proxy and allowed some range of IPs.
And when I use internet from my PC for which I have configured this
SQUID PC as proxy server and I can see all the traffic going through the
proxy.
Now I want to allow the PC's to access the Proxy server only if the
login credentials authentication is successful.
And if the PC's fail to authenticate then the proxy should block the
traffic.
I have modified the /etc/squid/squid.conf file but looks like it needs an
external auth server like LDAP, APACHE & etc...
Let me know what needs to be done to achieve this
Hello Kumar,
The Squid source code comes with a few authentication processes for Basic
authentication. These include:
LDAP: Uses the Lightweight Directory Access Protocol
NCSA: Uses an NCSA-style username and password file.
MSNT: Uses a Windows NT authentication domain.
PAM: Uses the Linux Pluggable Authentication Modules scheme.
SMB: Uses a SMB server like Windows NT or Samba.
getpwnam: Uses the old-fashioned Unix password file.
sasl: Uses SASL libraries.
winbind: Uses Samba to authenticate in a Windows NT domain.
If you have LDAP then you can configure with squid.
Configuration of LDAP can be done with the following
Compiling squid with ldap support.
./configure --enable-basic-auth-helpers="LDAP"
In squid.conf file edit the following
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -b dc=yourdomain,dc=com -f uid=%s -h yourdomain.com
acl password proxy_auth REQUIRED
http_access allow password
http_access deny all
This Squid-LDAP Setup allows the users in the LDAP to access the pages
and deny all the others.
Similarly you can configure with the other authentication methods.
--
Thanks,
Visolve Squid Team,
http://squid.visolve.com
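
The Basic authentication helpers listed in the reply above all talk to Squid over the same line protocol: Squid writes one URL-escaped "username password" line to the helper's stdin and reads back OK or ERR. The following is an added example, not part of the original message and not Squid's own code, showing a minimal helper of that kind in Python; the sample account, the function names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sys
from urllib.parse import unquote

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this example)

def derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 hash, so no cleartext passwords are stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_store(cleartext: dict) -> dict:
    """Build {username: (salt, hash)} from a username -> password mapping."""
    store = {}
    for user, password in cleartext.items():
        salt = os.urandom(16)
        store[user] = (salt, derive(password, salt))
    return store

# Constructed sample account; a real helper would load hashes from a file.
USERS = make_store({"alice": "correct horse"})
_DUMMY = (os.urandom(16), os.urandom(32))  # compared against for unknown users

def check_line(line: str, store: dict = USERS) -> str:
    """Answer one request line from Squid with 'OK' or 'ERR'."""
    fields = line.rstrip("\r\n").split(" ")
    if len(fields) != 2:
        return "ERR"  # malformed request: fail closed
    user, password = (unquote(f) for f in fields)  # Squid URL-escapes both
    salt, expected = store.get(user, _DUMMY)
    # Always hash and compare in constant time, even for unknown users.
    match = hmac.compare_digest(derive(password, salt), expected)
    return "OK" if match and user in store else "ERR"

def main() -> None:
    for line in sys.stdin:  # one request per line until Squid closes the pipe
        sys.stdout.write(check_line(line) + "\n")
        sys.stdout.flush()  # Squid waits for each reply; never buffer

if __name__ == "__main__":
    main()
```

Such a script would be named on the auth_param basic program line in place of squid_ldap_auth, with the same proxy_auth REQUIRED acl and http_access rules shown in the reply; its install path is up to the administrator.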