You can use your Active Directory user accounts to authenticate users in Squid. You can also use Active Directory groups to organize access control in Squid. This article describes how to configure Squid to use Active Directory user accounts for authentication and groups for access control.
We will use Winbind to integrate Active Directory into Squid. See Active Directory Integration with Samba for instructions on how to configure Winbind.
Authenticating using Active Directory
# NTLM authentication through Samba's ntlm_auth helper
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
# Basic authentication through the same helper, using its basic protocol
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl authenticated proxy_auth REQUIRED
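The first group of auth_param lines configures NTLM browser authentication (works in Internet Explorer) to authenticate using Samba. The second group of auth_param lines does the same for basic browser authentication. With basic authentication the browser sends the user name and password to the proxy base64-encoded, not encrypted.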
The last line defines an access control list element named authenticated which can be used in any access control list. Below is a simple access control list which allows only authenticated users to have access to the Squid cache.
http_access allow authenticated
Using Active Directory Security Groups
You can use Active Directory security groups in your access control list. Distribution groups will not work here.
external_acl_type ad_group %LOGIN /usr/lib/squid/wbinfo_group.pl
acl banned_users external ad_group BannedUsers
The first line defines an external ACL type named ad_group which points to a Perl program that accepts a user name and a group name and returns OK if the user belongs to the specified group.
The second line defines an access control list element named banned_users which specifies the Active Directory group BannedUsers. Below is an example of using the banned_users acl. Squid evaluates http_access rules in order and stops at the first match, so this line must come before http_access allow authenticated.
http_access deny banned_users
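The helper contract described above (user name and group name in, OK when the user is a member), written out as an added Python example; it is not the wbinfo_group.pl script that the configuration points to. It assumes Squid URL-escapes the fields it sends and that wbinfo is on the helper's PATH; the function names are illustrative.

```python
#!/usr/bin/env python3
"""Squid external ACL helper sketch: OK if the user is in any listed AD group.

Example request line (constructed): 'jdoe BannedUsers'
"""
import subprocess
import sys
from urllib.parse import unquote


def wbinfo(*args):
    """Run wbinfo with an argument list (never through a shell)."""
    return subprocess.run(["wbinfo", *args], capture_output=True, text=True,
                          check=True, timeout=10).stdout


def winbind_gids(user):
    """GIDs of every group Winbind reports for the user."""
    return {int(g) for g in wbinfo("--user-groups", user).split()}


def winbind_group_gid(group):
    """Resolve a group name to its GID by way of its SID."""
    sid = wbinfo("--name-to-sid", group).split()[0]
    return int(wbinfo("--sid-to-gid", sid).strip())


def decide(line, user_gids=winbind_gids, group_gid=winbind_group_gid):
    """Answer one request line of the form '<user> <group> [<group> ...]'."""
    fields = [unquote(f) for f in line.split()]
    if len(fields) < 2:
        return "ERR"                      # malformed request: no match
    user, groups = fields[0], fields[1:]
    try:
        member_of = user_gids(user)
        if any(group_gid(g) in member_of for g in groups):
            return "OK"
    except Exception:
        pass                              # lookup failed: treated as no match
    return "ERR"


def main():
    for line in sys.stdin:                # Squid writes one request per line
        print(decide(line), flush=True)   # reply at once; Squid is waiting


if __name__ == "__main__":
    main()
```

ERR only means the ACL did not match, so with a deny rule such as banned_users a failed Winbind lookup lets the request fall through to the next http_access rule.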
Posted on 11/2/2008 and last updated on 11/6/2009
Filed under Squid Proxy Server