Tuesday, October 6, 2015

Squid3 authentication using LDAP as the authentication backend

To set up the LDAP server itself, follow the link below:
http://theamdara.blogspot.com/2015/09/how-to-setup-ldap-server-with-slapd.html

***** information *****
ldap server: ldap.ldap.com
ldap basedn: dc=ldap,dc=com   (the base DN is the distinguished-name form used by -b in the squid.conf below, not the bare domain "ldap.com")
ldap binddn: cn=admin,dc=ldap,dc=com
ldap binddn password: 123
(demo values. For anything beyond a lab, do not bind Squid as the directory administrator: create a dedicated read-only bind account with a strong password. The bind password ends up on the Squid host, and whoever reads it gets that account's rights over the whole directory.)
object class to use: posixAccount

1- squid installation
$ sudo apt-get install squid

2- Edit the Squid configuration file /etc/squid3/squid.conf as below. Note that http_access rules are evaluated top-down and the first match wins, so their order matters.

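# Squid3 + LDAP Basic-auth configuration.
#
# This listing carries several Squid 2.x-era directives. On Squid 3.2 and later
# (the squid3 packages of Debian/Ubuntu of this period) 'all' and 'localhost'
# are built-in ACLs and redefining them only logs a warning; drop the two lines
# below on such a build. 'manager' is also built in from 3.2; on 3.1 it must be
# defined first with: acl manager proto cache_object
acl all src all
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16    # RFC1918 possible internal network
acl SSL_ports port 443        # https
acl SSL_ports port 563        # snews
acl SSL_ports port 873        # rsync
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 631        # cups
acl Safe_ports port 873        # rsync
acl Safe_ports port 901        # SWAT
acl purge method PURGE
acl CONNECT method CONNECT


# LDAP Basic authenticator.
#  -b   search base; must match the directory suffix (dc=ldap,dc=com).
#  -h   LDAP server. This binds over plain port 389, so the bind password and
#       every user password Squid checks cross the wire in clear text. Add -Z
#       (STARTTLS) or use -H ldaps://ldap.ldap.com once the server has a cert.
#  -D   bind DN. The directory administrator is used here; a dedicated
#       read-only bind account is the safer choice.
#  -W   bind password read from a file instead of -w <password> on the command
#       line, where it is visible to every local user via 'ps' and appears in
#       cache.log at startup. Create it with:
#           echo -n '123' > /etc/squid3/ldap_pass
#           chown root:proxy /etc/squid3/ldap_pass && chmod 0640 /etc/squid3/ldap_pass
#  -f   search filter; %s is the username supplied by the client. posixAccount
#       logins are normally stored in 'uid', not 'cn'; use (uid=%s) if that is
#       how the entries in your directory are named.
#  Basic auth itself is base64, not encryption: credentials between client and
#  proxy are effectively clear text on the LAN.
auth_param basic program /usr/lib/squid3/basic_ldap_auth -b dc=ldap,dc=com -h ldap.ldap.com -D cn=admin,dc=ldap,dc=com -W /etc/squid3/ldap_pass -f (&(objectclass=posixAccount)(cn=%s))
auth_param basic children 50
auth_param basic realm Web-Proxy
# How long a verified username/password is cached before Squid re-binds to
# LDAP: shorter = faster lockout after a password change, more LDAP load.
auth_param basic credentialsttl 1 minute
acl ldap_auth proxy_auth REQUIRED


visible_hostname proxy1
# http_access is evaluated top-down, first match wins. The Safe_ports and
# CONNECT restrictions are placed BEFORE the authenticated allow: in the
# original order an authenticated LAN user matched 'allow localnet ldap_auth'
# first and could CONNECT/tunnel to any destination port through the proxy.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet ldap_auth
http_access allow localhost
http_access deny all


# All of the proxy's DNS lookups go to Google's public resolver in the clear;
# point this at your internal resolver if you have one.
dns_nameservers 8.8.8.8
http_port 3128
cache_dir aufs /var/spool/squid3 10000 16 256
# hierarchy_stoplist, upgrade_http0.9, broken_vary_encoding and
# extension_methods are Squid 2.x directives; Squid 3.2+ reports them as
# obsolete and ignores them. Verify against 'squid3 -k parse' on your version
# and remove the ones it rejects.
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid3/access.log squid
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern (Release|Packages(.gz)*)$    0    20%    2880
refresh_pattern .        0    20%    4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid3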



3- Validate the configuration, initialize the cache directory and start the service

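# Check that squid.conf parses on this Squid version before touching the cache
# or starting the service; obsolete directives and ACL errors surface here.
$ sudo squid3 -k parse
# Create the cache_dir swap directories (one-time), then start the proxy.
$ sudo squid3 -z
$ sudo service squid3 start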


Configure the client to use the proxy (port 3128); it will prompt for a username and password on the first Internet request. Keep in mind that Basic authentication sends the password base64-encoded — effectively in clear text — between the client and the proxy, so use it only on a trusted network.

