[squid-users] Configuring Squid LDAP Authentication

From: berry guru <berryguru_at_gmail.com>
Date: Wed, 11 Jan 2012 10:30:49 -0800

I used the following tutorial online to configure Squid to
authenticate with AD, but I still can't get this working. As most
have seen, I also used a tutorial written by one of our mailing list
members and that didn't work. Are others having this much trouble
getting Squid to authenticate with their Active Directory server? So
frustrating!

Configuring Squid LDAP Authentication

The first step is to configure Squid to authenticate
usernames/passwords with the Active Directory. You will need to open
your Squid configuration file (squid.conf) and make the following
changes:

Find the auth_param section of the config file (TAG: auth_param) and
change the auth_param basic program line to look like this. (The
indented lines below are a single line in squid.conf; they are wrapped
here for readability.)

    auth_param basic program /usr/lib/squid/ldap_auth -R
        -b "dc=your,dc=domain,dc=com"
        -D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com"
        -w "password" -f sAMAccountName=%s -h 192.168.1.75
    auth_param basic children 5
    auth_param basic realm Your Organisation Name
    auth_param basic credentialsttl 5 minutes

These settings tell Squid to authenticate usernames/passwords against
Active Directory.

    The -b option indicates the LDAP base distinguished name of your
domain, e.g. your.domain.com becomes dc=your,dc=domain,dc=com.
    The -D option indicates the user used to perform the LDAP query
(the bind account). This example uses the built-in Administrator
account, but a dedicated read-only account with no other privileges
is a better choice: the helper only needs to search for the user's
entry, and this account's password will be stored on the proxy.
    The -w option is the password for the user specified in the -D
option. Anyone who can read squid.conf can read it, so for better
security store the password in a file readable only by Squid's
effective user (see cache_effective_user) and use the
-W /path/to/password_file syntax instead.
    -h is used to indicate the LDAP server to connect to, e.g. your
domain controller.
    -R tells the helper not to follow LDAP referrals. Active Directory
returns referrals for parts of the forest the queried server does not
hold, and chasing them can make the lookup fail, so this flag is
needed when authenticating against Windows AD.
    The -f option is the LDAP search filter used to look up the user.
In the example above, sAMAccountName=%s matches when the user's
Windows logon name equals the username entered at the Squid prompt.
Any attribute can be used in the filter. You may need an LDAP search
tool (e.g. ldapsearch) to get the -f filter syntax right.
    The %s is replaced with what the user enters as their username.

Remember to restart Squid (or run squid -k reconfigure) for these
changes to take effect.
Received on Wed Jan 11 2012 - 18:30:56 MST
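The tutorial quoted above never shows how to check the helper outside of Squid, which is where most "it doesn't work" cases are diagnosed. The script below is an added example, not part of the original post or of Squid itself: it derives the base DN from a DNS domain, writes the -W password file with owner-only permissions, assembles the one-line auth_param directive, and drives a helper by hand using the protocol Squid uses for basic auth helpers (one "username password" line on stdin, a reply line starting with OK or ERR on stdout). The bind DN cn=squid-bind, the host 192.168.1.75, the password file path and the stub helper (which accepts only alice/secret so the flow runs with no domain controller) are all constructed for illustration; for a real check, point check_helper at /usr/lib/squid/ldap_auth (named basic_ldap_auth on Squid 3.2 and later) with the same options you put in squid.conf.

```shell
#!/bin/sh
# Added example, not part of the original post or of Squid. Helper names, host
# names, DNs and passwords below are constructed for illustration.
#
# Squid's basic auth helpers speak a one-line protocol: Squid writes
# "username password" to the helper's stdin and reads back a line starting
# with "OK" or "ERR". That makes a helper easy to test before editing squid.conf.

# your.domain.com -> dc=your,dc=domain,dc=com
domain_to_basedn() {
    printf 'dc=%s\n' "$1" | sed 's/\./,dc=/g'
}

# Store the bind password for -W in a file only its owner can read (0600).
# chown it to the user named by cache_effective_user so the helper can open it.
write_bind_password() {
    pwfile=$1; password=$2
    ( umask 077; printf '%s\n' "$password" > "$pwfile" )
    chmod 600 "$pwfile"
}

# Build the single auth_param line; %%s survives printf as the literal %s that
# Squid later replaces with the username.
auth_param_line() {
    helper=$1; basedn=$2; binddn=$3; pwfile=$4; dc=$5
    printf 'auth_param basic program %s -R -b "%s" -D "%s" -W %s -f sAMAccountName=%%s -h %s\n' \
        "$helper" "$basedn" "$binddn" "$pwfile" "$dc"
}

# Send one "user password" line to a helper (remaining args are passed to the
# helper, exactly as they appear in squid.conf) and return the first word of
# its reply: OK or ERR.
check_helper() {
    helper=$1; user=$2; pass=$3; shift 3
    printf '%s %s\n' "$user" "$pass" | "$helper" "$@" | head -n 1 | cut -d' ' -f1
}

# Constructed stand-in for ldap_auth so the flow can be exercised offline:
# it accepts only alice/secret and ignores its options. Replace with
# /usr/lib/squid/ldap_auth for a real check against the domain controller.
make_stub_helper() {
    stub=$1
    cat > "$stub" <<'EOF'
#!/bin/sh
while read -r user pass; do
    if [ "$user" = alice ] && [ "$pass" = secret ]; then echo OK; else echo 'ERR bad credentials'; fi
done
EOF
    chmod 700 "$stub"
}

# Demo: assemble the directive for the tutorial's example values, using a
# dedicated read-only bind account instead of Administrator.
auth_param_line /usr/lib/squid/ldap_auth "$(domain_to_basedn your.domain.com)" \
    "cn=squid-bind,cn=Users,dc=your,dc=domain,dc=com" /etc/squid/ldap_bind.pw 192.168.1.75
```

If check_helper returns ERR for a known-good account, the problem is in the helper's options (bind DN, base DN, filter, referrals) rather than in Squid, and you can iterate on the command line; if it returns OK there but the browser still gets rejected, look at the squid.conf acl/http_access lines instead. When the real helper is used, copy the -R, -b, -D, -W, -f and -h options from squid.conf verbatim so the manual test exercises the same configuration Squid will run.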
