Configuring a Squid Server to authenticate off Active Directory

By Adrian Chadd

Warning: Any example presented here is provided “as-is” with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list.

Contents

1. Configuring a Squid Server to authenticate off Active Directory
   1. Basic Concepts
   2. Environment
   3. Packages to install
   4. Files to modify
      1. /etc/krb5.conf
      2. /etc/samba.smb.conf
      3. /var/kerberos/krb5kdc/kdc.conf
      4. /var/kerberos/krb5kdc/kadm5.acl
   5. Configure NTP time synchronisation
   6. Joining the server to the AD domain
   7. Fix Ownership
   8. Configuring Squid to use the Samba 3 ntlm_auth program for authentication

Basic Concepts

In this example, a Squid installation will use the Samba ntlm_auth helper to authenticate against an Windows Active Directory. The server will be joined to the Active Directory domain and other services can use the ntlm_auth helper to authenticate users (but be out of the scope of this document.)

Environment

• Windows Server 2003 AD
• Ubuntu Dapper installation
• Squid-2.6
• Kerberos 5
• Samba + Winbind
• NTP server running on AD controller

Packages to install

• samba (3)
• ntp-server (Kerberos requires time-synchronised machines)
• krb5-doc, krb5-config, krb5-user, libkerb53, libkadm55 (Kerberos related user libraries)
• winbind

Read more on wiki.squid-cache.org

Advertisements