Squid Active Directory authentication and my experience
-
First I had to edit the file /usr/local/pkg/squid.inc and add the -R parameter to the line:
original:
$conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u {$settings['ldap_userattribute']} -P {$settings['auth_server']}$port\n";
edited:
$conf .= "auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -R -v {$settings['ldap_version']} -b {$settings['ldap_basedomain']} -D {$settings['ldap_user']} $password -f \"{$settings['ldap_filter']}\" -u {$settings['ldap_userattribute']} -P {$settings['auth_server']}$port\n";
Next follows my pfSense configuration and observations:
Authentication method: LDAP
LDAP version: 3
Authentication server: 192.168.1.1
Authentication server port: 389
LDAP server user DN: "cn=squid squid,cn=users,dc=mydomain,dc=com" (I needed to use double quotes. I've created a squid user on my Active Directory server. In Active Directory I used the word squid for the name, surname and user login)
LDAP password: my_squid_user_password
LDAP base domain: dc=mydomain,dc=com (I've no need to use double quotes)
LDAP username DN attribute: (I left blank)
LDAP search filter: sAMAccountName=squid
I hope this experience helps someone!
-
On another AD server my previous configuration doesn't work.
I needed to use:
Authentication method: LDAP
LDAP version: 3
Authentication server: 192.168.1.1
Authentication server port: 389
LDAP server user DN: cn=squid,cn=users,dc=myanotherdomain,dc=local
LDAP password: my_squid_user_password
LDAP base domain: dc=myanotherdomain,dc=local
LDAP username DN attribute: uid
LDAP search filter: sAMAccountName=%s
Such is life.
-
Thanks for the post, hugleo. I finally managed to set up Squid + AD! :)
-
This only works for one user, specifically squid. I did this setup and it works flawlessly, but when I'm using another account it doesn't work.
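-
Added example (not from any poster in this thread, and not the squid_ldap_auth source): a simplified Python model of the search-then-bind flow, comparing the hard-coded filter sAMAccountName=squid from the first post with sAMAccountName=%s from the second. In this model the hard-coded filter always resolves to the squid entry, so only the squid password is accepted, whatever login is typed. The directory contents, passwords and function names are constructed for illustration.

```python
import re

# Constructed sample directory: sAMAccountName -> (DN, password).
DIRECTORY = {
    "squid": ("cn=squid,cn=users,dc=myanotherdomain,dc=local", "squid-pass"),
    "alice": ("cn=alice,cn=users,dc=myanotherdomain,dc=local", "alice-pass"),
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(template, login):
    """Substitute every %s in the configured search filter with the login."""
    return template.replace("%s", escape_filter_value(login))

def search(filter_str):
    """Toy search: only 'sAMAccountName=<value>'; a bare * matches any entry."""
    attr, _, value = filter_str.partition("=")
    if attr != "sAMAccountName":
        return None
    if value == "*":                      # unescaped wildcard: first entry wins
        return next(iter(DIRECTORY.values()))
    literal = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return DIRECTORY.get(literal)

def authenticate(template, login, password):
    """Search for the DN with the filter, then 'bind' as that DN."""
    if not password:                      # empty password = unauthenticated bind
        return False
    entry = search(build_filter(template, login))
    if entry is None:
        return False
    _dn, stored = entry
    return password == stored             # stands in for the LDAP simple bind

HARDCODED = "sAMAccountName=squid"        # filter from the first post
PER_USER = "sAMAccountName=%s"            # filter from the second post

if __name__ == "__main__":
    for tmpl in (HARDCODED, PER_USER):
        for login, pw in (("squid", "squid-pass"), ("alice", "alice-pass"),
                          ("alice", "squid-pass"), ("*", "squid-pass")):
            print(tmpl, login, pw, "->", authenticate(tmpl, login, pw))
```

With the hard-coded filter, the login alice is rejected with her own password and accepted with the squid password, so the proxy would attribute traffic to a name the directory never verified; the %s filter ties the bind to the login that was actually typed.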