[squid-users] Replacing Microsoft TMG by Squid.
Rafael Akchurin
rafael.akchurin at diladele.com
Mon Oct 19 17:13:02 UTC 2015
Hello Sebastien,
Here I tried to have the step-by-step visual tutorial for Squid + Kerberos SSO with AD (using mapped user and NOT by joining Squid into AD) - but it doesn't work for non joined machines (defaulting to Negotiate/NTLM).
May be helpful as a starting point for your own research - see http://docs.diladele.com/administrator_guide_4_2/system_configuration/active_directory/index.html
Please share your findings/critical views on this.
Best regards,
Rafael Akchurin
Diladele B.V.
-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Sebastien.Boulianne at cpu.ca
Sent: Monday, October 19, 2015 6:04 PM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Replacing Microsoft TMG by Squid.
Hi Eliezer,
As I wrote, " I am using the latest version of Squid... v3.5.10."
On Oracle Linux, the latest version is 3.3.8, so I compiled my Squid from SOURCE with the configure command:
./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --disable-strict-error-checking --exec_prefix=/usr --libexecdir=/usr/lib64/squid --datadir=/usr/share/squid --sysconfdir=/etc/squid --with-logdir=/var/log/squid --with-pidfile=/var/run/squid.pid --disable-dependency-tracking --enable-eui --enable-follow-x-forwarded-for --enable-auth --enable-auth-basic=DB,LDAP,NCSA,NIS,POP3,RADIUS,SASL,SMB,getpwnam --enable-auth-ntlm=smb_lm,fake --enable-auth-digest=file,LDAP,eDirectory --enable-auth-negotiate=kerberos --enable-external-acl-helpers=file_userip,LDAP_group,time_quota,session,unix_group,wbinfo_group --enable-cache-digests --enable-cachemgr-hostname=localhost --enable-delay-pools --enable-epoll --enable-icap-client --enable-ident-lookups --enable-linux-netfilter --enable-removal-policies=heap,lru --enable-snmp --enable-ssl --enable-ssl-crtd --enable-storeio=aufs,diskd,ufs --enable-wccpv2 --enable-esi --with-aio --with-default-user=squid --with-filedescriptors=16384 --with-dl --with-openssl --with-pthreads build_alias=x86_64-redhat-linux-gnu host_alias=x86_64-redhat-linux-gnu CFLAGS=-O2 && make && make install
I found this link but I don't know if this link is up to date...
http://linuxconfig.net/manual-howto/squid-and-ldap-authentication-from-active-directory.html
I checked and I already have the openldap-devel dependencies installed on my OS.
Thanks for your help! ;)
Sébastien Boulianne
-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Eliezer Croitoru
Sent: October 19, 2015 09:20
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Replacing Microsoft TMG by Squid.
What latest version of squid? an RPM\package based or from sources?
If you have basic_ldap_auth it should be good and you can test it.
I do not know much about your knowledge of LDAP and if you do have LDAP in place already but I think you will need to first test the basic_ldap_auth and see how it works and then implement what you need.
If you do not have any background with LDAP you will need to learn a bit about it first before playing with the authentication.
The examples from older LDAP helpers should work for you in a similar way.
The LDAP dependencies are different from OS to OS, and I do not have a running Oracle Linux from which I can fetch the exact package names, but it should be something with "ldap" and "devel".
Try "yum search ldap|grep -i devel" and you might see the relevant package there.
All The Bests,
Eliezer
On 19/10/2015 15:57, Sebastien.Boulianne at cpu.ca wrote:
> Hey Eliezer,
>
> I am using the latest version of Squid... 3.5.10.
>
> As you can see, I have the basic_ldap_auth in /usr/lib64/squid/.
> Should it be good ?
>
> What are the ldap dependencies ?
>
> Thanks.
>
> Sébastien
>
>
> -----Original Message-----
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Eliezer Croitoru
> Sent: October 18, 2015 12:05
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Replacing Microsoft TMG by Squid.
>
> Hey Sebastien,
>
> What version of squid are you using? self compiled or RPMs?
> It's clear that you do have basic_ldap_auth and you can use that to authenticate your users using that.
>
> If you are trying to build squid from sources you will need ldap dependencies to be able to build LDAP auth.
>
> I have seen the thread going on and on but you do have basic_ldap_auth... so what is the question at all about using that or not?
>
> Eliezer
>
> On 16/10/2015 20:51, Sebastien.Boulianne at cpu.ca wrote:
>> Hi all,
>>
>> As you know, Microsoft discontinued the TMG.
>> The TMG was used as a reverse proxy.
>> For many days, I have been working to replace our TMG by a Squid server v3.5.10 with Oracle Linux 7 x64.
>> I moved some sites this week but I have a little problem now.
>> How can I ask LDAP credentials for a user who wants to access a directory on another server ?
>>
>> I currently do that with our TMG.
>>
>> I used Google but I can only find doc about LDAP auth for users who want to access the internet.
>>
>> [root at squid squid]# cd /usr/lib64/squid/
>> [root at squid squid]# ls
>> basic_db_auth basic_pam_auth cert_valid.pl ext_session_acl negotiate_kerberos_auth url_fake_rewrite
>> basic_getpwnam_auth basic_pop3_auth digest_edirectory_auth ext_time_quota_acl negotiate_kerberos_auth_test url_fake_rewrite.sh
>> basic_ldap_auth basic_radius_auth digest_file_auth ext_unix_group_acl ntlm_fake_auth
>> basic_msnt_auth basic_sasl_auth digest_ldap_auth ext_wbinfo_group_acl ntlm_smb_lm_auth
>> basic_msnt_multi_domain_auth basic_smb_auth diskd helper-mux.pl ssl_crtd
>> basic_ncsa_auth basic_smb_auth.sh ext_file_userip_acl log_db_daemon storeid_file_rewrite
>> basic_nis_auth cachemgr.cgi ext_ldap_group_acl log_file_daemon unlinkd
>>
>> Thanks.
>>
>> Sebastien
>>
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
>
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
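
An added example, not part of the thread or of Squid's own code: a small Python harness for the "test basic_ldap_auth first" advice above. It drives a Squid basic-auth helper over stdin/stdout the way Squid does (one URL-encoded "user password" line in, OK or ERR out). The stub helper and its credentials are constructed so the block runs offline; the commented LDAP command line uses placeholder base DN, filter and host.

```python
import subprocess
import sys
from urllib.parse import quote

# Real helper invocation (assumption: base DN, filter and host are placeholders).
# HELPER = ["/usr/lib64/squid/basic_ldap_auth", "-R", "-b", "dc=example,dc=com",
#           "-f", "sAMAccountName=%s", "-h", "dc1.example.com"]

# Constructed stand-in helper: accepts only alice / "correct horse".
STUB_HELPER = [sys.executable, "-c", (
    "import sys\n"
    "from urllib.parse import unquote\n"
    "for line in sys.stdin:\n"
    "    fields = [unquote(f) for f in line.split()]\n"
    "    print('OK' if fields == ['alice', 'correct horse'] else 'ERR', flush=True)\n"
)]


def encode_request(user, password):
    """One request line as Squid writes it: URL-encoded user, space, URL-encoded password."""
    return f"{quote(user, safe='')} {quote(password, safe='')}\n"


def check_credentials(helper_cmd, pairs, timeout=10):
    """Send each (user, password) pair to the helper; return [(user, accepted), ...]."""
    lines = "".join(encode_request(u, p) for u, p in pairs)
    proc = subprocess.run(helper_cmd, input=lines, capture_output=True,
                          text=True, timeout=timeout)
    replies = proc.stdout.splitlines()
    if len(replies) != len(pairs):
        # A helper that dies or cannot reach the directory answers too few lines.
        raise RuntimeError(f"expected {len(pairs)} replies, got {len(replies)}: "
                           f"{proc.stderr.strip()}")
    return [(u, r.startswith("OK")) for (u, _), r in zip(pairs, replies)]


if __name__ == "__main__":
    # Constructed test credentials; include a wrong password and an unknown user
    # to confirm the helper rejects them rather than failing open.
    cases = [("alice", "correct horse"), ("alice", "wrong"), ("bob", "correct horse")]
    for user, accepted in check_credentials(STUB_HELPER, cases):
        print(f"{user}: {'OK' if accepted else 'ERR'}")
```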