I came across this configuration online, but it still doesn't work. I
really thought I would have had it on this one, but still no go.

acl lan src 192.168.1.0/25
acl Intranet dstdomain intranet.int
acl lan-intranet dst 192.168.2.2

http_access allow lan
http_access allow Intranet
http_access allow lan-intranet

On Wed, Jan 11, 2012 at 11:37 AM, berry guru <berryguru@xxxxxxxxx> wrote:
> I wanted to test something, but not quite sure how to do it. I want
> to see if my Intranet users can authenticate when they go to
> 'companyname-intranet' and are prompted for a login. When I enable
> the proxy I'm unable to login to the Intranet, but when I disable the
> proxy I can login. So I'm thinking it's an issue with Squid and I need
> to add something to Squid to allow authentication. Am I incorrect in
> this assessment? If so, how do I go about allowing access to that
> site? Do I do this via an ACL?
>
> On Wed, Jan 11, 2012 at 10:30 AM, berry guru <berryguru@xxxxxxxxx> wrote:
>> I used the following tutorial online to configure Squid to
>> authenticate with AD, but I still can't get this working. As most
>> have seen, I also used a tutorial written by one of our mailing list
>> members and that didn't work. Are others having this much trouble
>> getting Squid to authenticate with their Active Directory server? So
>> frustrating!
>>
>> Configuring Squid LDAP Authentication
>>
>> The first step is to configure Squid to authenticate
>> usernames/passwords with the Active Directory. You will need to open
>> your Squid configuration file (squid.conf) and make the following
>> changes:
>>
>> Find the auth param section of the config file (TAG: auth_param), and
>> change the auth param basic program line to look like this. (Indented
>> text indicates one line)
>>
>> auth_param basic program /usr/lib/squid/ldap_auth -R
>>     -b "dc=vm-domain,dc=papercut,dc=com"
>>     -D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com"
>>     -w "password" -f sAMAccountName=%s -h 192.168.1.75
>> auth_param basic children 5
>> auth_param basic realm Your Organisation Name
>> auth_param basic credentialsttl 5 minutes
>>
>> These settings tell Squid to authenticate names/passwords in the
>> Active Directory.
>>
>> The -b option indicates the LDAP base distinguished name of your
>> domain. E.g. your.domain.com would be dc=your,dc=domain,dc=com
>>
>> The -D option indicates the user that is used to perform the LDAP
>> query (e.g. an Administrator). This example uses the built-in
>> Administrator user, however you can use another user of your choice.
>>
>> The -w option is the password for the user specified in the -D
>> option. For better security you can store the password in a file and
>> use the -W /path/to/password_file syntax instead.
>>
>> -h is used to indicate the LDAP server to connect to. E.g. your
>> domain controller.
>>
>> -R is needed to make Squid authenticate against Windows AD.
>>
>> The -f option is the LDAP query used to look up the user. In the
>> above example, sAMAccountName=%s will match if the user's Windows
>> logon name matches the username entered when prompted by Squid. You
>> can search any value in the LDAP filter query. You may need to use an
>> LDAP search query tool to help get the syntax correct for the -f
>> search filter.
>>
>> The %s is replaced with what the user enters as their username.
>>
>> Remember to restart Squid for these changes to come into effect.
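
Added example, not part of the original thread or of the quoted tutorial: a small Python check for the weak points in the quoted helper line (bind password given inline with -w, the built-in Administrator as bind account, no -Z or ldaps:// URI via -H on the LDAP connection) and for a missing proxy_auth ACL, without which Squid never asks for credentials. SAMPLE_CONF is constructed from the lines in this message, and the finding names are made up for this example.

```python
import shlex

# Constructed sample: the tutorial's helper line (joined onto one line)
# followed by ACL rules taken from the top of the message.
SAMPLE_CONF = """\
auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=vm-domain,dc=papercut,dc=com" -D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com" -w "password" -f sAMAccountName=%s -h 192.168.1.75
auth_param basic children 5
auth_param basic credentialsttl 5 minutes
acl lan src 192.168.1.0/25
http_access allow lan
"""

def directives(conf):
    """Yield each squid.conf directive as a token list, skipping comments."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            try:
                yield shlex.split(line)
            except ValueError:          # unbalanced quote: split on whitespace
                yield line.split()

def audit(conf):
    """Return finding names (hypothetical labels) for an LDAP basic-auth setup."""
    rules = list(directives(conf))
    argv = next((d[3:] for d in rules
                 if d[:3] == ["auth_param", "basic", "program"]), None)
    if argv is None:
        return ["no-basic-helper"]
    findings = []
    if "-w" in argv:                    # password readable in squid.conf and in ps
        findings.append("inline-bind-password")
    bind_dn = argv[argv.index("-D") + 1] if "-D" in argv[:-1] else ""
    if bind_dn.lower().startswith("cn=administrator,"):
        findings.append("privileged-bind-account")   # a search bind only needs read
    uri = argv[argv.index("-H") + 1] if "-H" in argv[:-1] else ""
    if "-Z" not in argv and not uri.lower().startswith("ldaps://"):
        findings.append("cleartext-ldap")            # bind password crosses the LAN
    if not any(d[0] == "acl" and len(d) > 2 and d[2] == "proxy_auth"
               for d in rules):
        findings.append("no-proxy-auth-acl")         # helper is never consulted
    return findings

if __name__ == "__main__":
    for name in audit(SAMPLE_CONF):
        print(name)
```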