On 9/01/2012 6:58 p.m., James Robertson wrote:
Hi Everyone,
I just thought I would share a guide I am working on, it's not quite
finished so expect errors, typos etc. I would love any feedback or
critique about it.
http://wiki.bitbinary.com/index.php/Active_Directory_Integrated_Squid_Proxy
There are probably things that the developers and users will cringe at,
if so I would like to know.
Thanks for maintaining squid and for the friendly mailing lists.
Kind Regards,
James
Some notes on squid.conf:
* you did not configure Squid to use plain NTLM, so "auth_param ntlm
..." lines are useless. Remove.
* using \ to escape whitespace is not valid in any of the officially
released Squid configs.
- what you have configured is the helper to test for three groups:
"Internet\", "Users\", and "Blocked" etc.
To use groups with whitespace in their names place the group name in a
file by itself and load the file into the ACL definition like you do the
allowedsites.txt etc.
When that is fixed you will be able to use "memberof=cn=%g" in the LDAP
parameters instead of hard-coding the different group names. Thus you
only need one external_acl_type helper definition in total.
* "no_cache" has not existed in many years. Remove the "no_" part and
re-read the line to see if it matches your intended policy.
Considered updating the official Squid wiki documentation about active
directory integration?
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
Editing is open to all real persons. How to get edit access is detailed
at the top of http://wiki.squid-cache.org/FrontPage
Amos
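
The group-name advice in the reply above, written out as a squid.conf fragment. This is an added example, not part of the thread and not James's or the Squid project's own configuration. The helper path, LDAP host, base DN, bind account, secret file, ACL names and file names are assumed placeholders, and the "before" line is reconstructed from the three tokens quoted in the reply.

```conf
# Added illustration. Every path, host name, DN and ACL name below is an
# assumed placeholder; only the three-token split and "memberof=cn=%g"
# come from the reply.

# Before (reconstructed): "\" does not escape whitespace in squid.conf,
# so this ACL asks the helper about three separate groups:
#   "Internet\", "Users\" and "Blocked"
#
#   acl blocked_users external ldap_group Internet\ Users\ Blocked

# After: one helper definition for every group. %u is replaced with the
# login name and %g with the group name supplied by the ACL that calls it.
external_acl_type ldap_group %LOGIN /usr/lib/squid3/squid_ldap_group -R -b "dc=example,dc=local" -D "squid@example.local" -W /etc/squid3/ldap_secret.txt -f "(&(objectclass=person)(sAMAccountName=%u)(memberof=cn=%g,ou=Groups,dc=example,dc=local))" -h dc1.example.local

# Group names containing whitespace go in a file, one name per line,
# loaded with a quoted path in the same way as allowedsites.txt.
#
#   /etc/squid3/group_blocked.txt contains the single line:
#     Internet Users Blocked
#
#   /etc/squid3/group_allowed.txt contains the single line
#   (hypothetical second group, for illustration):
#     Internet Users Allowed
acl blocked_users external ldap_group "/etc/squid3/group_blocked.txt"
acl allowed_users external ldap_group "/etc/squid3/group_allowed.txt"

# Deny the blocked group first, then allow the permitted group, and
# finish with an explicit default deny.
http_access deny blocked_users
http_access allow allowed_users
http_access deny all
```

Running `squid -k parse` after the change reports configuration syntax errors before the proxy is reloaded.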