Matt Harrison wrote:
Hi all,
I have a Gentoo box that acts as a firewall, router and squid proxy.
I've been following a guide[1] to integrate squid authentication with
our active directory domain.
The guide is a little bit out of date and it doesn't seem to work for
me. Authentication is refused to non-authenticated users without
prompting for credentials (I want to be prompted) but it is also refused
for users logged into the domain.
Has anyone successfully got this to work? If so can you supply any tips
for my squid.conf?
Let me clarify a little bit:
Before attempting this integration, I had an acl line like this:
    acl internal src 10.194.217.0/24
And I'm allowing that like so:
    http_access allow internal
I'm just not sure how to change this to allow access to authenticated
users while prompting for those not authenticated.
As far as the guide I have mentioned goes, my kerberos and ldap are
working perfectly and samba is joined to the domain. winbind is running
and using the ntlm helper tests from the guide it appears that
authentication for users against the AD is working.
The problem is that squid.conf is a very large config file and I've only
ever played with a few options (1 acl, nothing more complex).
This should help.
http://wiki.squid-cache.org/SquidFaq/ProxyAuthentication
http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM
Once you understand the config options usage, specific setting details
for your version of squid can be checked at the relevant one of these:
http://www.squid-cache.org/Version/v2/2.6/cfgman/
http://www.squid-cache.org/Version/v2/2.7/cfgman/
http://www.squid-cache.org/Version/v3/3.0/cfgman/
http://www.squid-cache.org/Version/v3/3.1/cfgman/
Amos
--
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
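
A squid.conf fragment for the change asked about in the thread, added here as an example; it is not from the thread, the guide, or the Squid project. It keeps the poster's `internal` ACL and adds an authentication ACL. The helper path `/usr/bin/ntlm_auth`, the child counts, the realm text and the ACL name `authenticated` are assumptions to adjust for the local install and Squid version.

```conf
# --- Authentication helpers (Samba's ntlm_auth, talking to winbind) ---
# Assumed path; check where your distribution installs ntlm_auth.
# The account Squid runs as also needs access to Samba's
# winbindd_privileged directory, or the NTLM helper fails even though
# the same test succeeds when run as root.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5

# Basic scheme as a fallback for clients that cannot do NTLM.
# Basic sends the password base64-encoded, not encrypted, so only
# offer it on a network you trust.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy
auth_param basic credentialsttl 2 hours

# --- ACLs ---
# Existing source-address ACL from the original configuration.
acl internal src 10.194.217.0/24

# Matches any request carrying valid credentials. A request with no
# credentials is answered with a 407 challenge, which is what makes
# the browser prompt (or send the domain logon silently over NTLM).
acl authenticated proxy_auth REQUIRED

# --- Access rules (evaluated top to bottom, first match wins) ---
# Before: address alone was enough.
#   http_access allow internal
# After: the client must be on the internal network AND authenticated.
# The src test comes first, so outside addresses are never challenged
# and fall through to the final deny.
http_access allow internal authenticated
http_access deny all
```

With `access.log` in the default native format, authenticated requests show the user name in the ident/user field instead of `-`, which is a quick way to confirm the rule is being applied.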