Re: AD authentiction with squid

["Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx>]

"Benedict simon" <simon@xxxxxxxxxxx> wrote in message 
news:dde908b0d0e692cbfa0d7d7490dce7f2.squirrel@xxxxxxxxxxxxxxxxxxxxxxxxx
> Dear Amos,
>
> Thanks and really apprecite for ur quick reply
> i will try the link and n check it out.
>
> me too a novice in Ldap n not a professional in ADS
>
>
> regards
>
> simon
>
>
> > Benedict simon wrote:
> > > Dear All,
> > >
> > >
> > > i have squid Proxy server on Centos 5 working perfectly for a quite
> > > sometime and now we would like to have squid authenticating with ADS for
> > > more control .
> > > so that only users that have logged into domain are asked allowed for
> > > internet and others who dont log in have internet access denied but only
> > > local network services avaliable.
> > > i am not a professional in ADS so wd really apprecite your help
> > > i have been googling arround and tried but was only able to authenticate
> > > with squid by getting the popup window but not accept the password.
> > > i would like plain text authentication since i guess its the easiest one
> > >
> > > the setup
> > >
> > > Centos 5
> > > Squid stable 2.6
> > >
> > > the domain is ADS WINDOWS 2003
> > > Domain Name: baladia.local
> > > computer name :kmun
> > >
> > > jus cut and paste some squid entries .
> > >
> > >
> > > auth_param basic program /usr/lib/squid/squid_ldap_auth -R -b
> > > "dc=baladia,dc=local" -D "cn=Administrator,cn=Users,dc=baladia,dc=local"
> > > -w "xxxx" -f sAMAccountName=%s -h 172.16.2.227
> > > auth_param basic children 5
> > > auth_param basic realm PROXY SERVER
> > > auth_param basic credentialsttl  5 minutes
> > >
> > > where xxxx is the administrtor password
> > > 172.16.2.227 is the IP address of the domain
> > >
> > > will the above help me to authenticate user with ADS
> > >
> > > when i log into the domain and user my browser the window pops up but
> > > when
> > > i enter the username and password it ask me the same dialog again
> > >
> > > also if i dont log into domain its the same
> > >
> > > the squid accesslog error is
> > >
> > > 1237471571.612     13 xx.xx.xx.xx TCP_DENIED/407 1761 GET
> > > http://vcs2.msg.yahoo.com/capacity testuser
> > >
> > > where testuser is the username on my domain
> > >
> > > apprecite if someone can help me with example or some links with
> > > examples
> > >
> > > thanks and really wd apprecite your kinf help
> >
> > http://wiki.squid-cache.org/ConfigExamples has a section for
> > authentication templates and how-tos.
> >
> > I'm not clued up on LDAP or AD requirements so can;t help any further on
> > this.
> >
> > Amos
> > --
> > Please be using
> >    Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
> >    Current Beta Squid 3.1.0.6
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
>
>
> --
> Network ADMIN
> -------------
> KUWAIT MUNICIPALITY:
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.

You could use squid_kerb_auth.

Regards
Markus