[GRLUG] Squid to Authenticate against Active Directory
Bruce Smith
blubdog at gmail.com
Thu Apr 10 19:17:44 EDT 2008
> I have been asked to setup a Squid server for my organization. I have squid
> up and running on a Fedora Core 8 OS. I now need to have the users
> authenticate against Active Directory. I have found some articles on the
> internet, but nothing has worked yet. Has anyone done this before, and if
> so, could someone provide examples. I am running Squid Stable 2.6.
I just got it working at my workplace.
With AD you cannot browse anonymously, so in the example below, I
authenticate as "AD User" with password "adpasswd" as a user in AD
who's pw never expires. (names & pw changed to protect my security :)
auth_param basic program /usr/sbin/squid_ldap_auth
-P -R -b "CN=Users,DC=domain,DC=com"
-D "CN=AD User,CN=Users,DC=domain,DC=com"
-f "(&(sAMAccountName=%s)(objectClass=Person)(memberOf=CN=Internet,CN=Users,DC=domain,DC=com))"
-w "adpasswd" adserver.domain.com
(all one long line, not broken up like I did for this posting)
This also only allows users who are a member of the group "Internet",
so you can select who can and who can't surf.
- BS
More information about the grlug
mailing list