hannibal:squid
Install with:
apt-get install squid
The external authentication program that authenticates your proxy users against LDAP is now available as a module in the Squid package.
(parts of) /etc/squid.conf
.... http_port proxy.intra.example.com:3128 .... auth_param basic program /usr/lib/squid/ldap_auth -b ou=People,dc=intra,dc=example,dc=com -h ldap.intra.example.com -f "(&(objectClass=posixAccount)(uid=%s))" auth_param basic realm Squid proxy-caching web server auth_param basic children 30 auth_param basic credentialsttl 2 hours .... acl SquidLdapUsers proxy_auth REQUIRED # You may put the line above just before the line "acl CONNECT method CONNECT" in the squid.conf file. .... http_access allow SquidLdapUsers # You might put the line above just below the line: # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS ....
You can check the authentication program by hand:
Just type on the prompt:
/usr/lib/squid/ldap_auth -b ou=People,dc=intra,dc=example,dc=com 192.168.1.12
Now input “username<SPACE>password<ENTER>” pairs. The authentication module will answer back with OK or ERR. End the session with Control-D.
Start the proxyserver
/etc/init.d/squid start
hannibal/squid.txt · Last modified: 2008/06/25 12:25 by Olivier Brugman
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
