I wanted to test something, but not quite sure how to do it. I want to see if my Intranet users can authenticate when they go to 'companyname-intranet' and are prompted for a login. When I enable the proxy I'm unable to login to the Intranet, but when I disable the proxy I can login. So I'm thinking its an issue with Squid and I need to add something to Squid to allow authentication. I'm I incorrect in this assessment? If so, how do I go about allowing access to that site. Do I do this via an ACL? On Wed, Jan 11, 2012 at 10:30 AM, berry guru <berryguru@xxxxxxxxx> wrote: > I used the following tutorial online to configure Squid to > authenticate with AD, but I still can't get this working. As most > have seen, I also used a tutorial written by one of our mailing list > members and that didn't work. Are others having this much trouble > getting Squid to authenticate with there Active Directory server? So > frustrating! > > Configuring Squid LDAP Authentication > > The first step is to configure Squid to authenticate > usernames/passwords with the Active Directory. You will need to open > your Squid configuration file (squid.conf) and make the following > changes: > > Find the auth param section of the config file (TAG: auth_param), and > change the auth param basic program line to look like this. (Indented > text indicates one line) > > auth_param basic program /usr/lib/squid/ldap_auth -R > -b "dc=vm-domain,dc=papercut,dc=com" > -D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com" > -w "password" -f sAMAccountName=%s -h 192.168.1.75 > auth_param basic children 5 > auth_param basic realm Your Organisation Name > auth_param basic credentialsttl 5 minutes > > These settings tell Squid authenticate names/passwords in the Active Directory. > > The -b option indicated the LDAP base distinguished name of your > domain. E.g. your.domain.com would be dc=your,dc=domain,dc=com > The –D option indicates the user that is used to perform the LDAP > query. (e.g an Administrator. This example uses the built-in > Administrator user, however you can use another user of your choice. > The –w option is the password for the user specified in the –D > option. For better security you can store the password in a file and > use the –W /path/to/password_file syntax instead > -h is used to indicate the LDAP server to connect to. E.g. your > domain controller. > -R is needed to make Squid authenticate against Windows AD > The –f option is the LDAP query used to lookup the user. In the > above example, sAMAccountName=%s, will match if the user’s Windows > logon name matches the username entered when prompted by Squid. You > can search any value in the LDAP filter query. You may need to use an > LDAP search query tool to help get the syntax correct for the –f > search filter. > The %s is replaced with what the user enters as their username. > > Remember to restart Squid to make these changes to come into effect.
