Configuring a Squid Server to authenticate off Active Directory

Posted on August 20, 2008 | Leave a comment

By Adrian Chadd

Warning: Any example presented here is provided “as-is” with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list.

Contents

  1. Configuring a Squid Server to authenticate off Active Directory
    1. Basic Concepts
    2. Environment
    3. Packages to install
    4. Files to modify
      1. /etc/krb5.conf
      2. /etc/samba.smb.conf
      3. /var/kerberos/krb5kdc/kdc.conf
      4. /var/kerberos/krb5kdc/kadm5.acl
    5. Configure NTP time synchronisation
    6. Joining the server to the AD domain
    7. Fix Ownership
    8. Configuring Squid to use the Samba 3 ntlm_auth program for authentication

Basic Concepts

In this example, a Squid installation will use the Samba ntlm_auth helper to authenticate against an Windows Active Directory. The server will be joined to the Active Directory domain and other services can use the ntlm_auth helper to authenticate users (but be out of the scope of this document.)

Environment

  • Windows Server 2003 AD
  • Ubuntu Dapper installation
  • Squid-2.6
  • Kerberos 5
  • Samba + Winbind
  • NTP server running on AD controller

Packages to install

  • samba (3)
  • ntp-server (Kerberos requires time-synchronised machines)
  • krb5-doc, krb5-config, krb5-user, libkerb53, libkadm55 (Kerberos related user libraries)
  • winbind

Read more on wiki.squid-cache.org

Advertisement
This entry was posted in Administration, Networking, Security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s