Find the answer to your Linux question:
Results 1 to 4 of 4
server = ubuntu 8.10 squid 3 windows 2003 active diretory Problem I want to log web usage on squid to AD usernames So far I have fresh install of squid3. ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Dec 2008
    Posts
    21

    squid3 squid_ldap_auth ad logs


    server = ubuntu 8.10
    squid 3
    windows 2003 active diretory

    Problem

    I want to log web usage on squid to AD usernames

    So far I have fresh install of squid3. I have changed


    acl localnet src 192.168.1.0/24
    http_allow access localnet

    This has allowed me browse the web through squid. I can see traffic and logs being generated in access.log. My next step is to log by AD username.
    I have read many differrent ways of achieving this. I want to do it with squid_ldap_auth

    I know I need to edit the settings in

    auth_param basic program
    /usr/lib/squid/squid_ldap_auth.......

    I need help at this point.

  2. #2
    Just Joined!
    Join Date
    Dec 2008
    Posts
    21
    Just to help out

    2003 AD server name = server1 (192.168.1.1)
    domain = mycompany.com
    admin username = administrator
    password = mypassword
    ou = staff
    domain admins = user1, administrator

    lets say I try this

    /usr/lib/squid/squid_ldap_auth -b "dc=mycompany,dc=com" -f "uid=%s" -h 192.168.1.1

    (at this point it seems to be waiting for some input, so I type)

    USERID administrator PASSWORD mypassword

    and I receive

    squid_ldap_auth: WARNING, LDAP search error 'Operations error'
    ERR Success


    if I try this

    ./squid_ldap_auth -R -b "dc=mycompany,dc=com" -D "CN=user1,OU=Staff,DC=mycompany,DC=com" -w "mypassword" -f sAMAccountName=%s -h 192.168.1.1

    USERID user1 PASSWORD mypassword I get this message

    ERR success

  3. #3
    Just Joined!
    Join Date
    Dec 2008
    Posts
    21
    I have edited these settings in squid.conf

    auth_param basic program /squid_ldap_auth -R -b "dc=mycompany,dc=com" -D "CN=user1,OU=Staff,DC=mycompany,DC=com" -w "mypassword" -f sAMAccountName=%s -h 192.168.1.1
    auth_param basic children 5
    auth_param basic realm Your Organisation Name
    auth_param basic credentialsttl 5 minutes


    acl ldapauth proxy_auth REQUIRED


    #http_access allow localnet
    http_access allow localhost
    http_access allow ldapauth

    When loading up Internet Explorer I am being prompted for username/passowrd and I can browse the web via squid.

    Does anyone know how to prevent the logon box prompting users and just take the logon credentials of the Windows client pc's for a seemless connection. I don't want users having to enter username and password for every workstation they use.

  4. #4
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •