On 16/09/17 02:31, Pascal Schäfer wrote:
Dear Amos,
Thank you for your reply!
I have a question about the authentication with a radius server.
I use Squid as a reverse proxy.
It is possible to use two radius server for different pages or
subdomains with squid_radius_auth?
HTTP has no concept of "page" - so for that; no.
For sub-domains (OR specific URLs); maybe. Because the helper you are
asking about does not use the key_extras feature provided by latest
Squid version
Ok. Thank you. Exist another helper who did an authentication with a
radius server?
I am aware of some proprietary ones existing. But that is not useful for
you.
You need to write your own helper that does what you want. That could be
in the form of a wrapper script that starts multiple radius helper with
the necessary parameters, and uses key_extra parameters to decide which
one will handle any given auth lookup.
Is this https://wiki.squid-cache.org/Features/AddonHelpers#Authenticator
the right wiki, where I have to lookup?
That page describes the protocol Squid will be talking to your script
with; and what is expected to arrive back.
Make it sense that behind the radius server is a Windows NPS Server to
authenticate the Users?
That does not matter unless you are writing the RADIUS parts yourself.
In which case I cannot help, not knowing much about RADIUS protocol.
So when I write the wrapper helper, I only need to decide which helper I
would like to start and with which parameters, like a Bash command?
Yes. Though helpers are required to run until Squid stops them. So best
to start the child radius helpers at the beginning then just relay query
and response lines appropriately when they arrive.
Since you are calling it the long obsolete name "squid_radius_auth", you
probably do not have a current Squid version which supplies the
key_extras feature. At the very least you will have to upgrade to at
least Squid-3.5.
I have a Squid-3.5, self compiled.
I think about to upgrade there on Squid-4 or to compile it and install
them fresh on the system. Is the name of them another in the newer versions?
Then you should be fine, except "basic_radius_auth" is the helper binary
name since Squid-3.2.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users