Topic: Squid Active Directory authentication and my experience

hugleo
Squid Active Directory authentication and my experience
« on: February 07, 2012, 06:29:34 pm »
First I had to edit the file: /usr/local/pkg/squid.inc and add the -R parameter to the line:

original:
$conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u {$settings['ldap_userattribute']} -P {$settings['auth_server']}$port\n";

edited:
$conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -R -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u {$settings['ldap_userattribute']} -P {$settings['auth_server']}$port\n";

Next follows my pfSense configuration and observations:

Authentication method: LDAP

LDAP version: 3

Authentication server: 192.168.1.1

Authentication server port: 389

LDAP server user DN: "cn=squid squid,cn=users,dc=mydomain,dc=com" (I needed to use double quotes. I created a squid user on my Active Directory server. In Active Directory I used the word squid for the name, surname and user login)

LDAP password: my_squid_user_password

LDAP base domain: dc=mydomain,dc=com (I've no need to use double quotes)

LDAP username DN attribute: (I left blank)

LDAP search filter: sAMAccountName=squid

I hope this experience helps someone!

hugleo
Re: Squid Active Directory authentication and my experience
« Reply #1 on: February 09, 2012, 02:57:08 pm »
On another AD server my previous configuration doesn't work.

I needed to use:

Authentication method: LDAP

LDAP version: 3

Authentication server: 192.168.1.1

Authentication server port: 389

LDAP server user DN: cn=squid,cn=users,dc=myanotherdomain,dc=local

LDAP password: my_squid_user_password

LDAP base domain: dc=myanotherdomain,dc=local

LDAP username DN attribute: uid

LDAP search filter: sAMAccountName=%s


Things of the life.

mariouzae
Re: Squid Active Directory authentication and my experience
« Reply #2 on: March 30, 2012, 01:58:42 pm »
Thanks for the post, hugleo. I finally managed to set up Squid + AD! :)

m4st3rc1p0
Re: Squid Active Directory authentication and my experience
« Reply #3 on: June 18, 2012, 09:22:03 pm »
This only works for one user, particularly squid. I did this setup and it works flawlessly, but when I'm using another account it doesn't work.


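The two search filters posted in this thread differ in one token, `%s`, which squid_ldap_auth replaces with the login name before it searches for the user's DN and binds as that DN with the supplied password. The sketch below is an added example, not code from any poster or from Squid: a simplified model of that expansion over a constructed two-entry directory (the `alice` entry, the function names and the RFC 4515 escaping step are assumptions of the model).

```python
# Added illustration: simplified model of the "-f" search-filter expansion.
# This is not the helper's source code; names and sample data are constructed.

# RFC 4515 characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

FIXED = "sAMAccountName=squid"    # search filter from the first post
PER_USER = "sAMAccountName=%s"    # search filter from Reply #1

# Constructed sample directory: DN -> attributes ("alice" is hypothetical).
DIRECTORY = {
    "cn=squid,cn=users,dc=myanotherdomain,dc=local": {"sAMAccountName": "squid"},
    "cn=alice,cn=users,dc=myanotherdomain,dc=local": {"sAMAccountName": "alice"},
}


def escape_filter_value(value: str) -> str:
    """Escape a login name so it is matched literally inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template: str, login: str) -> str:
    """Replace every %s in the configured filter with the escaped login."""
    return template.replace("%s", escape_filter_value(login))


def lookup_dn(directory: dict, template: str, login: str):
    """Return the DN the expanded filter selects (toy equality match only)."""
    attr, _, wanted = expand_filter(template, login).partition("=")
    for dn, attrs in directory.items():
        # Compare in escaped form so "\2a" only matches a literal "*".
        if escape_filter_value(attrs.get(attr, "")).lower() == wanted.lower():
            return dn
    return None


def compare(login: str):
    """DN selected for this login under the fixed and the per-user filter."""
    return lookup_dn(DIRECTORY, FIXED, login), lookup_dn(DIRECTORY, PER_USER, login)


if __name__ == "__main__":
    # With FIXED, every login resolves to the squid DN, so the bind that
    # follows can only succeed with the squid account's password.
    for login in ("squid", "alice", "*"):
        print(login, compare(login))
```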