Search squid archive

Re: active directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Whoops. Change replace that "dc=second" with "dc=first" in the DOMAIN1 part of the script and you'll understand what I meant. I didn't proof read after making the edits.

Cheers,
Dietrich


D & E Radel wrote:
UK SquidUser (AXA-TECH-UK) wrote:
hi, i'm trying to migrate to a new platform of squid proxy servers using
active directory. I can't seem to find any pointers on configuring
squid/kerberos/samba to use multiple domains for authentication.. i've
configured a test box to point through a single domain using ad fine,
but i'm unsure if i can actually use cross domain authentication... can
anybody point me in the right direction please.... Kev.

TS Data Networks
AXA Tech

I use the following script for ldap authentication from multiple domains. This should be modifiable for other forms of authentication:

#============================================
#!/bin/sh

# This script checks a username and password provided by squid
# against 2 domains. If the creditials are accepted by either
# domain, output "OK. Otherwise, output "ERR".

# read from stdin until EOF is received
while read INP; do

  # Use username and password to authenticate against FIRST domain
DOMAIN1=`echo $INP | /usr/lib/squid/ldap_auth -R -b "dc=first,dc=my,dc=domain,dc=com" -D "cn=Administrator,cn=Users,dc=second,dc=my,dc=domain,dc=com" -w "admin_password" -f sAMAccountName=%s -h 192.168.1.1`

  # User username and password to authenticate against SECOND domain
DOMAIN2=`echo $INP | /usr/lib/squid/ldap_auth -R -b "dc=second,dc=my,dc=domain,dc=com" -D "cn=Administrator,cn=Users,dc=second,dc=my,dc=domain,dc=com" -w "admin_password" -f sAMAccountName=%s -h 192.168.1.2`

  # If username and password is correct for either domain, output "OK"
  if [ "$DOMAIN1" == "OK" ]; then
    echo "OK"
  elif [ "$DOMAIN2" == "OK" ]; then
    echo "OK"
  else
    echo "ERR"
 fi
done
#============================================



I then call this from my squid.conf with:



#============================================
# Authenticate against TWO domains using LDAP, not SAMBA
#------------------------------------------------------------
# Uses the custom script called multi_domains.sh which authenticates
# against more than one domain by making multiple calls to the standard
# /usr/lib/squid/ldap_auth program and evaluating the result. The script
# passed either an "OK" or an "ERR" back to Squid.

auth_param basic program /etc/squid/multi_domains.sh
auth_param basic children 5
auth_param basic realm MyCompany Proxy
auth_param basic credentialsttl 5 hours
#============================================


I hope that this is useful to you.

Cheers,
Dietrich


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux