[squid-users] Squid radius Authentication

Eliezer Croitoru eliezer at ngtech.co.il
Tue Sep 19 14:50:45 UTC 2017

Hey Pascal,

I have some experience with wrapper scripts but I must admit that it has couple things which led me to not use it.
One of the issues was excessive CPU usage since I was using a bash script as a wrapper.
I remember that long ago a sysadmin used something else then basic auth.
They had a WIFI system on the premise and every user could login to the WIFI network using it's username and password.
Then they pulled from the radius DB periodically the user=> ip mapping and applied acl's based on the client IP which is unique per username.

If I will write a helper I would probably use GoLang or ruby.
I was thinking about some way to make an helper generic enough but if you have an idea\sketch I might take it and will actually write the helper.
I have seen but have not used the next library:

Which might be very helpful.

Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il

-----Original Message-----
From: Pascal Schäfer [mailto:p.schaefer at creapptive.de] 
Sent: Tuesday, September 19, 2017 15:20
To: Eliezer Croitoru <eliezer at ngtech.co.il>; squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid radius Authentication


thank you for your reply.
Yes it would be Basic.
I think I will write my own helper as a generic solution, not only for 2
domains/subdomains. Do you had the same problem in the past?

The answer mails from Amos helped me a lot to know how I can program the
wrapper helper.


Am 17.09.2017 um 05:57 schrieb Eliezer Croitoru:
> Hey,
> What kind of authentication do you want\need? Basic?
> Depends on your needs there might be a helper that you can use.
> If you have only two domains\subdomains it's one thing but if you have more then these then the program would be different.
> If I will have more details I might be able to answer your question and I maybe even have a radius authentication helper written somewhere which I can pull.
> Eliezer
> ----
> Eliezer Croitoru
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Pascal Sch?fer
> Sent: Friday, September 15, 2017 03:53
> To: squid-users at lists.squid-cache.org
> Subject: [squid-users] Squid radius Authentication
> Dear Ladies and Gentlemen,
> I have a question about the authentication with a radius server.
> I use Squid as a reverse proxy.
> It is possible to use two radius server for different pages or
> subdomains with squid_radius_auth?
> I think about a maybe special configuration.
> I try to use radius server A for the  website A and to use the radius
> server B for the website B. Maybe it is good to know that the website A
> is on web server A and Website B is on web server B.
> I would like to use one Squid server instead of two Squid server (and
> two port fowardings).
> A Example of my configuration:
> https://A.domain.com/... -> authentication over Radius Server A
> https://B.domain.com/... -> authentication over Radius Server B
> When I search on Google I don't found an acceptable answer for my question.
> Should I program such function on my own or know someone a configuration
> that work for my project?
> With best regards
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

More information about the squid-users mailing list