Differences between revisions 1 and 7 (spanning 6 versions)

Squid web proxy

My goal is to keep notes on how to enable Windows AD authentication on Squid3.x

I joined the domain using "net rpc join -S PDC -U Administrator" # wbinfo -t > checking the trust secret via RPC calls succeeded > # wbinfo -u # wbinfo -g

http://www.cyberciti.biz/faq/squid-ntlm-authentication-configuration-howto/

Not tested

#auth_param negotiate program /usr/local/squid/bin/ntlm_auth --helper-protocol=gs
s-spnego

domain=> [domain] auth_param ntlm program /usr/lib/squid3/ntlm_auth -d domain/serv1 domain/serv2

acl Ip_Block_Range url_regex [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\:443
http_access deny Ip_Block_Range

Since FTP uses numeric IPs the Skype ACL must be exact including the port.

# Skype
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:443
acl Skype_UA browser ^skype^
http_access deny numeric_IPS
http_access deny Skype_UA

...

CategoryLinux

-  ⇤ ← Revision 1 as of 2009-05-05 21:21:06 → 
  Size: 449
  Editor: PieterSmit
  Comment:
+   ← Revision 7 as of 2009-05-25 12:10:46 → ⇥
  Size: 1056
  Editor: PieterSmit
  Comment:
-Deletions are marked like this.
+Additions are marked like this.
 Line 7:
+I joined the domain using "net rpc join -S PDC -U Administrator"
# wbinfo -t
> checking the trust secret via RPC calls succeeded
> 
# wbinfo -u
# wbinfo -g

http://www.cyberciti.biz/faq/squid-ntlm-authentication-configuration-howto/
-Line 14:
+Line 25:
+{{{
acl Ip_Block_Range url_regex [0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\:443
http_access deny Ip_Block_Range
}}}
<!> Since FTP uses numeric IPs the Skype ACL must be exact including the port.
{{{
# Skype
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:443
acl Skype_UA browser ^skype^
http_access deny numeric_IPS
http_access deny Skype_UA
}}}