Re: [squid-users] integration with active directory

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 22 Oct 2008 02:57:44 +1300

Matt Harrison wrote:
> Hi all,
>
> I have a Gentoo box that acts as a firewall, router and squid proxy.
>
> I've been following a guide[1] to integrate squid authentication with
> our Active Directory domain.
>
> The guide is a little bit out of date and it doesn't seem to work for
> me. Authentication is refused to non-authenticated users without
> prompting for credentials (I want to be prompted) but it is also refused
> for users logged into the domain.
>
> Has anyone successfully got this to work? If so can you supply any tips
> for my squid.conf?
>
> Let me clarify a little bit:
>
> Before attempting this integration, I had an acl line like this:
>
> acl internal src 10.194.217.0/24
>
> And I'm allowing that like so:
>
> http_access allow internal
>
> I'm just not sure how to change this to allow access to authenticated
> users while prompting for those not authenticated.
>
> As far as the guide I have mentioned goes, my kerberos and ldap are
> working perfectly and samba is joined to the domain. winbind is running
> and using the ntlm helper tests from the guide it appears that
> authentication for users against the AD is working.
>
> The problem is that squid.conf is a very large config file and I've only
> ever played with a few options (1 acl, nothing more complex).
>

This should help.
   http://wiki.squid-cache.org/SquidFaq/ProxyAuthentication
   http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM

Once you understand the config options usage, specific setting details
for your version of squid can be checked at the relevant one of these:
  http://www.squid-cache.org/Version/v2/2.6/cfgman/
  http://www.squid-cache.org/Version/v2/2.7/cfgman/
  http://www.squid-cache.org/Version/v3/3.0/cfgman/
  http://www.squid-cache.org/Version/v3/3.1/cfgman/

Amos

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
Received on Tue Oct 21 2008 - 13:57:49 MDT
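
Added example, not part of the original thread or of the Squid documentation linked above: a squid.conf fragment showing the question's subnet-only rule beside a rule that also requires an authenticated domain user. It assumes Samba's ntlm_auth helper is installed at /usr/bin/ntlm_auth; the helper path, child counts, realm text and the ACL name "authenticated" are assumptions to adjust for the local install.

```conf
# --- Authentication helpers (assumed path: /usr/bin/ntlm_auth) ---
# NTLM: domain-joined browsers answer the challenge without a prompt.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5

# Basic fallback: clients that cannot do NTLM get a username/password prompt.
# Basic credentials cross the wire base64-encoded, not encrypted, so only
# keep this scheme if the client-to-proxy path is trusted.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy (domain login)
auth_param basic credentialsttl 2 hours

# --- ACLs ---
# Source-address ACL from the original question.
acl internal src 10.194.217.0/24
# Matches any request carrying credentials the helpers accepted.
# A request without credentials is answered with 407 Proxy Authentication
# Required, which is what makes the browser prompt or negotiate.
acl authenticated proxy_auth REQUIRED

# --- Access rules ---
# Before: anything on the subnet is allowed, no identity is checked.
# http_access allow internal

# After: the request must come from the subnet AND be authenticated.
# ACLs on one http_access line are ANDed; the src check is listed first so
# hosts outside the subnet are never challenged for credentials.
http_access allow internal authenticated
# Everything else is refused.
http_access deny all
```

After editing, `squid -k parse` checks the file for syntax errors before the running proxy is reconfigured.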