Search squid archive

Re: Squid radius Authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 16/09/17 02:31, Pascal Schäfer wrote:

Dear Amos,

Thank you for your reply!



I have a question about the authentication with a radius server.
I use Squid as a reverse proxy.
It is possible to use two radius server for different pages or
subdomains with squid_radius_auth?


HTTP has no concept of "page" - so for that; no.

For sub-domains (OR specific URLs); maybe. Because the helper you are
asking about does not use the key_extras feature provided by latest
Squid version


Ok. Thank you. Exist another helper who did an authentication with a
radius server?
I am aware of some proprietary ones existing. But that is not useful for you. 



You need to write your own helper that does what you want. That could be
in the form of a wrapper script that starts multiple radius helper with
the necessary parameters, and uses key_extra parameters to decide which
one will handle any given auth lookup.


Is this https://wiki.squid-cache.org/Features/AddonHelpers#Authenticator
the right wiki, where I have to lookup?
That page describes the protocol Squid will be talking to your script with; and what is expected to arrive back. 


Make it sense that behind the radius server is a Windows NPS Server to
authenticate the Users?
That does not matter unless you are writing the RADIUS parts yourself. In which case I cannot help, not knowing much about RADIUS protocol. 



So when I write the wrapper helper, I only need to decide which helper I
would like to start and with which parameters, like a Bash command?
Yes. Though helpers are required to run until Squid stops them. So best to start the child radius helpers at the beginning then just relay query and response lines appropriately when they arrive. 




Since you are calling it the long obsolete name "squid_radius_auth", you
probably do not have a current Squid version which supplies the
key_extras feature. At the very least you will have to upgrade to at
least Squid-3.5.


I have a Squid-3.5, self compiled.
I think about to upgrade there on Squid-4 or to compile it and install
them fresh on the system. Is the name of them another in the newer versions?
Then you should be fine, except "basic_radius_auth" is the helper binary name since Squid-3.2. 


Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux