[GRLUG] Squid to Authenticate against Active Directory

Bruce Smith blubdog at gmail.com
Thu Apr 10 19:17:44 EDT 2008


> I have been asked to setup a Squid server for my organization. I have squid
> up and running on a Fedora Core 8 OS. I now need to have the users
> authenticate against Active Directory. I have found some articles on the
> internet, but nothing has worked yet. Has anyone done this before, and if
> so, could someone provide examples. I am running Squid Stable 2.6.

I just got it working at my workplace.

With AD you cannot browse anonymously, so in the example below, I
authenticate as "AD User" with password "adpasswd" as a user in AD
who's pw never expires. (names & pw changed to protect my security :)

auth_param basic program /usr/sbin/squid_ldap_auth
 -P -R -b "CN=Users,DC=domain,DC=com"
 -D "CN=AD User,CN=Users,DC=domain,DC=com"
 -f "(&(sAMAccountName=%s)(objectClass=Person)(memberOf=CN=Internet,CN=Users,DC=domain,DC=com))"
 -w "adpasswd" adserver.domain.com

(all one long line, not broken up like I did for this posting)

This also only allows users who are a member of the group "Internet",
so you can select who can and who can't surf.

 - BS


More information about the grlug mailing list