  1. #1
    Just Joined!
    Join Date
    Jul 2009
    Posts
    26

    Squid integration with Windows AD, not with LDAP/OpenLDAP!!!!


    Hi All,

    I have configured SQUID-3.1.8-1 on CentOS 5.3. It is working fine now on blocking http & https traffic.
    Now I would like to integrate Squid with Windows AD.
    Any help regarding this will be appreciated.

    Regards
    Kalyan Kumar P

  2. #2
    Just Joined!
    Join Date
    Sep 2008
    Posts
    22
    Originally posted by rhcekalyan:
    Hi All,

    I have configured SQUID-3.1.8-1 on CentOS 5.3. It is working fine now on blocking http & https traffic.
    Now I would like to integrate Squid with Windows AD.
    Any help regarding this will be appreciated.

    Regards
    Kalyan Kumar P
    Hi Kalyan,
    If you mean that you'd like to integrate squid3 with AD for user authentication, I already have my structure working in such a way.
    I use a configuration like the following (I only pasted a part of squid conf ...).

    auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b "dc=www,dc=example,dc=com" -s sub -D "CN=Manager,OU=service accounts,ou=users,dc=www,dc=example,dc=com" -w PasswordOfManager -f "(&(objectClass=person)(sAMAccountName=%s)(memberOf=cn=G-proxyusers,ou=Groups,dc=www,dc=example,dc=com))" -u sAMAccountName -P -v 3 -h myAD.ip.address
    auth_param basic children 10
    auth_param basic realm Authentication Required
    auth_param basic credentialsttl 2 hours
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8
    acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
    ......
    ....
    acl CONNECT method CONNECT
    acl authenticatedusers proxy_auth REQUIRED
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow authenticatedusers
    http_access allow localhost
    http_access deny all
    icp_access deny all
    htcp_access deny all
    .....
    Of course this is a sample: you have to replace "dc=www,dc=example,dc=com" with the baseDN of your AD, "PasswordOfManager" with the password of your rootdn, and the query string (-f "(&(objectClass=person)(sAMAccountName=%s)(memberOf=cn=G-proxyusers,ou=Groups,dc=www,dc=example,dc=com))") so as to match your needs and AD schema configuration, and so on.
    The most important rows that activate this feature are the ones marked in bold.
    You may feel free to change other parameters as you want (e.g. number of children, time to live, etc.)

    Hope this helps

    Gab
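
An added example, not part of the original post: a small Python check that parses the "auth_param basic program" line from the configuration above and flags two exposures in it, the bind password passed with -w (readable in squid.conf and in the process list) and the unencrypted LDAP connection. Tokenizing the line with shlex and the secret file path /etc/squid/ldap.secret are assumptions of this example; -W and -Z are the helper's options for a password file and TLS.

```python
import shlex

VALUE_OPTS = set("bfusDwWHhpctavE")  # squid_ldap_auth options that take an argument
FILTER = '"(&(objectClass=person)(sAMAccountName=%s)(memberOf=cn=G-proxyusers,ou=Groups,dc=www,dc=example,dc=com))"'
# Constructed samples: the helper line as posted, and a variant using -W and -Z.
# The secret file path is a placeholder chosen for this example.
AS_POSTED = ('auth_param basic program /usr/lib/squid3/squid_ldap_auth -R '
             '-b "dc=www,dc=example,dc=com" -s sub -D "CN=Manager,OU=service accounts,'
             'ou=users,dc=www,dc=example,dc=com" -w PasswordOfManager -f ' + FILTER +
             ' -u sAMAccountName -P -v 3 -h myAD.ip.address\nauth_param basic children 10\n')
HARDENED = AS_POSTED.replace("-w PasswordOfManager", "-W /etc/squid/ldap.secret -Z")

def helper_argv(conf_text):
    """Return the argv of the squid_ldap_auth helper line, or None if absent."""
    for line in conf_text.splitlines():
        words = shlex.split(line, comments=True)  # approximation of Squid's tokenizer
        if len(words) > 3 and words[:3] == ["auth_param", "basic", "program"] \
                and "squid_ldap_auth" in words[3]:
            return words[3:]
    return None

def parse_opts(argv):
    """Map option letters to their value (or True for plain flags)."""
    opts, i = {}, 1  # argv[0] is the helper path
    while i < len(argv):
        name = argv[i][1:] if argv[i].startswith("-") else None
        if name in VALUE_OPTS and i + 1 < len(argv):
            opts[name] = argv[i + 1]
            i += 2
        else:
            if name:
                opts[name] = True
            i += 1
    return opts

def audit(conf_text):
    """Return a list of findings for the LDAP helper line in conf_text."""
    argv = helper_argv(conf_text)
    if argv is None:
        return ["no squid_ldap_auth helper configured"]
    o, findings = parse_opts(argv), []
    if "w" in o:
        findings.append("bind password on command line (-w); use -W <secretfile>")
    if "Z" not in o and not str(o.get("H", "")).lower().startswith("ldaps://"):
        findings.append("LDAP connection not encrypted; add -Z or -H ldaps://...")
    if "Z" in o and o.get("v") != "3":
        findings.append("-Z needs LDAP protocol version 3 (-v 3)")
    if "%s" not in str(o.get("f", "%s")):
        findings.append("search filter (-f) has no %s login placeholder")
    return findings
```

With -W, the file holding the bind password should be readable only by the account Squid runs as.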

  3. #3
    Just Joined!
    Join Date
    Jul 2009
    Posts
    26
    Hi Gabolander,

    Thanks for the reply. Well it seems that you have integrated to LDAP right?

  5. #4
    Just Joined!
    Join Date
    Sep 2008
    Posts
    22

    Originally posted by rhcekalyan:
    Hi Gabolander,

    Thanks for the reply. Well it seems that you have integrated to LDAP right?
    Sure, but Active Directory actually IS an LDAP v3, indeed. So doing an authentication to an A.D. is similar to doing an authentication to an authentication server based on LDAP. Only attributes and schema differ, but the query is pretty similar and the auth method is the same.

    In other cases, where authentication acts as SSO also for other apps in the same user session, even the Kerberos5 authentication must be activated, but in squid only this simple authentication method is needed.

    Best,
    Gabo

  6. #5
    Just Joined!
    Join Date
    Jul 2009
    Posts
    26
    The thing is...
    We have a WINDOWS 2008 AD on X machine, and
    the Squid proxy server is on Y machine. I am trying to integrate these two. We don't have any LDAP server.
    So can you suggest how to proceed on this?

    Regards
    Kalyan Kumar Pasupuleti
    RHCE, LDAP, SELinux Certified.

  7. #6
    Just Joined!
    Join Date
    Sep 2008
    Posts
    22
    Originally posted by rhcekalyan:
    The thing is...
    We have a WINDOWS 2008 AD on X machine, and
    the Squid proxy server is on Y machine. I am trying to integrate these two. We don't have any LDAP server.
    So can you suggest how to proceed on this?

    Regards
    Kalyan Kumar Pasupuleti
    RHCE, LDAP, SELinux Certified.
    The question is: by "integration", do you mean that users who use the proxy on Y machine have to be authenticated by AD (Y machine)?
    If so, the answer is in my first post of this thread. You only have to change addresses and distinguished name to match your X machine binding.

    Regards,
    G.
