How to Set Up a Proxy Server With LDAP Auth.
Follow this post to install Samba with LDAP support. I assume you have already configured an LDAP server that authenticates users on the intranet, with IP 192.168.1.12, and that your proxy server's IP is 192.168.202.17. The proxy server should have direct internet access, either through a DSL or other modem or through the firewall.
Log in to your Linux server and follow the step-by-step guide.
[root@proxy ~]# ping www.google.com    (this checks that internet access is working)
64 bytes from maa03s04-in-f18.1e100.net (74.125.236.50): icmp_seq=1 ttl=57 time=37.8 ms
[root@proxy ~]# yum install squid nss_ldap -y
[root@proxy ~]# cat /etc/squid/squid.conf > /etc/squid/squid.conf.bkp
[root@proxy ~]# vi /etc/squid/squid.conf
Edit the following lines. First comment out the NCSA auth line (line 274):
#auth_param basic program /usr/lib/squid/ncsa_auth /usr/local/squid/etc/passwd
and add the LDAP authenticator in its place:
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=server,dc=com" -f "uid=%s" -h 192.168.202.10 -d -v 3
## external_acl_type used for group authentication from LDAP
external_acl_type ldapgroups %LOGIN /usr/lib/squid/squid_ldap_group -b "dc=yourdomain,dc=com" -f "(&(cn=%g)(memberUid=%u))" -h ldapserver
Add the following line after line 572; it checks membership of the LDAP group "squid":
acl ldapgroup external ldapgroups squid
### deny every user who is not in the squid group ###
http_access deny !ldapgroup
acl ldapauth proxy_auth REQUIRED
http_access allow ldapauth
To make sure your Squid server can talk to the LDAP server, run the following commands.
The output should look like this; if it does not, something went wrong.
[root@proxy ~]# /usr/lib/squid/squid_ldap_auth -b "dc=server,dc=com" -f "uid=%s" -h 192.168.202.10 -d -v 3
username password
user filter 'uid=username', searchbase 'dc=yourdomain,dc=com'
attempting to authenticate user 'uid=username,ou=users,dc=yourdomain,dc=com'
OK
[root@proxy ~]# /usr/lib/squid/squid_ldap_group -b "dc=yourdomain,dc=com" -f "(&(cn=%g)(memberUid=%u))" -h 192.168.202.10
username group
OK
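As an added example that is not part of the original post, here is a small POSIX shell script that exercises both helpers the way Squid does, over stdin and stdout, and tells an ERR reply (credentials or membership rejected) from a BH or empty reply (helper or LDAP broken), which the bare OK/ERR check above does not. The helper paths, the host 192.168.202.10 and the base DN dc=yourdomain,dc=com are taken from the post; the fake_* functions are constructed stand-ins so the script runs without a directory server.

```sh
#!/bin/sh
# check_squid_ldap.sh: drive Squid's basic-auth and group helpers through their
# stdin/stdout protocol and classify the reply. Hypothetical check script written
# for this post, not part of Squid; helper paths, host and base DN are assumptions
# copied from the post and can be overridden through the environment.
set -u
AUTH_HELPER=${AUTH_HELPER:-/usr/lib/squid/squid_ldap_auth}
GROUP_HELPER=${GROUP_HELPER:-/usr/lib/squid/squid_ldap_group}
LDAP_HOST=${LDAP_HOST:-192.168.202.10}
BASE_DN=${BASE_DN:-dc=yourdomain,dc=com}

# Helper protocol: the first word of the reply line is OK, ERR or BH. Map it to
# an exit status so a caller can tell "bad credentials" (1) from "helper or LDAP
# broken" (2); a plain OK/ERR check does not make that distinction.
classify_reply() {
    case "$1" in
        OK*)  return 0 ;;
        ERR*) return 1 ;;
        *)    return 2 ;;   # BH, empty or garbage: LDAP down, wrong base DN, typo
    esac
}

# Feed one "user password" line to the auth helper on stdin (never on the
# command line, so the password does not appear in ps output or shell history).
# The post's -d (debug) flag is left out here; it is for troubleshooting only.
check_auth() {   # $1 user, $2 password
    reply=$(printf '%s %s\n' "$1" "$2" | "$AUTH_HELPER" -b "$BASE_DN" \
        -f "uid=%s" -h "$LDAP_HOST" -v 3 2>/dev/null | head -n 1)
    classify_reply "$reply"
}

# Same for the group helper: "user group" on stdin, OK/ERR on stdout.
check_group() {  # $1 user, $2 group
    reply=$(printf '%s %s\n' "$1" "$2" | "$GROUP_HELPER" -b "$BASE_DN" \
        -f "(&(cn=%g)(memberUid=%u))" -h "$LDAP_HOST" 2>/dev/null | head -n 1)
    classify_reply "$reply"
}

# Constructed stand-ins so the script can be exercised without a directory:
# a tiny "LDAP" that knows only alice/s3cret in group squid, and a dead helper.
fake_auth()  { u= p=; read -r u p; [ "$u" = alice ] && [ "$p" = s3cret ] && echo OK || echo "ERR Bad password"; }
fake_group() { u= g=; read -r u g; [ "$u" = alice ] && [ "$g" = squid ] && echo OK || echo "ERR Not a member"; }
fake_down()  { echo "BH LDAP server unreachable"; }
```

Source the script and call, for example, `check_auth bob "$PASS"; echo $?` against the real helpers; exit status 2 means fix the helper or LDAP connectivity before looking at passwords or group membership.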