Hi Ben
Here what I was using with squid 3.8 (I now use another proxy solution)
If you don't want the login popup for non domain users, remove the basic auth
# Install samba
# Join proxy to domain
Net ads join –U username
# Setup krb5.conf
[libdefaults]
default_realm = MyDomain.loc
[realms]
MyDomain.loc = {
kdc = 1.2.3.4
kdc = 1.2.3.5
admin_server = 1.2.3.4
default_domain = TESSI-TECHNO.FR
}
[domain_realm]
.MyDomain.loc = MyDomain.loc
MyDomain.loc = MyDomain.loc
[login]
krb4_convert = true
krb4_get_tickets = false
# Add this to squid.conf
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 150 startup=0 idle=1
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 75 startup=5 idle=1
auth_param basic realm MyDomain.loc
auth_param basic credentialsttl 2 hours
acl Auth-users proxy_auth REQUIRED
http_access allow Auth-users
Yvain PAYEN
De : squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> De la part de Ben Goz
Envoyé : jeudi 31 octobre 2024 12:27
À : squid-users@xxxxxxxxxxxxxxxxxxxxx
Objet : Squid and AD integration
⚠ FR : Ce message provient de l'extérieur de l'organisation. N'ouvrez pas de liens ou de pièces jointes à moins que vous ne sachiez que le contenu est fiable. ⚠
By the help of God.
Hi,
I'm trying to make squid integrate with AD server in such a way that the machines logged to the domain will send the current active username to squid and squid will ask the AD for all the groups that this username belongs to.
How can I configure squid to send an authentication challenge that the browser will send the active AD user? And if the machine doesn't connected to the domain it won't popup the login box?
Do I also need to configure the squid server as a trusted server in the domain?
Thanks,
Ben
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
