I recently set up samba as a primary domain controller on my server. How can I set up squid to require authentication before allowing access? Basically I want it to use the same usernames/passwords that people use to log in to the domain. (Seamless auth would be a big plus).
Also, is it possible to make squid randomly redirect requests to a specified url on a per-user basis? I have a couple users I would love to randomly redirect certain requests to a different website.
Squid/Samba Domain Controller - Require authentication
Re: Squid/Samba Domain Controller - Require authentication
I see you have already been involved in an old thread on using Squid so I take it you are already familiar with Squid and now just want help getting domain authentication working. By the way, I am also using Samba domain authentication and have been for a long time now. Basically on the PDC I have a local group (/etc/group) called "proxyusers". I add all the users I want to be able to authenticate in that group. I then have a section in my smb.conf that looks like this:Maniaman wrote:I recently set up samba as a primary domain controller on my server. How can I set up squid to require authentication before allowing access? Basically I want it to use the same usernames/passwords that people use to log in to the domain. (Seamless auth would be a big plus).
Code: Select all
[proxyauth$]
comment = Proxy Authentication
path = /var/samba/proxyauth
valid users = @proxyusers
guest ok = no
public = no
writable = no
share modes = no
Now on your squid server look for the section with the auth_param examples. Add these lines:
Code: Select all
auth_param basic program /usr/lib/squid/smb_auth -W YOURDOMAIN -U YOURPDC -S /proxyauth$/proxyauth
auth_param basic children 5
auth_param basic realm RestrictedProxy
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
Here are what my rules look like:
Code: Select all
acl bannedsites dstdomain "/etc/squid/acl/banned.sites"
acl unrestricted_users proxy_auth "/etc/squid/acl/unrestricted.grp"
acl kidsgrp proxy_auth "/etc/squid/acl/kids.grp"
http_access allow unrestricted_users !bannedsites
http_access allow kidsgrp localhost !bannedsites
http_access allow localhost
http_access deny all
The last piece is getting the /usr/lib/squid/smb_auth.sh script working. I have found that every time Squid gets updated it updates the /usr/lib/squid/smb_auth.sh with a broken script. I always have to edit it and change the "SAMBAPREFIX" variable to "/usr":
Code: Select all
SAMBAPREFIX="/usr"
Code: Select all
./smb_auth.sh
YOURDOMAIN
YOURPDC
YOURPDC
proxyauth$
proxyauth
YOURDOMAINUSERNAME
YOURDOMAINPASSWORD
Code: Select all
Contents of //YOURPDC/proxyauth$/proxyauth: allow
Randomly? Not sure exactly what you mean here but it sounds like you want a content filter. Dansguardian is an excellent content filter:Maniaman wrote:Also, is it possible to make squid randomly redirect requests to a specified url on a per-user basis? I have a couple users I would love to randomly redirect certain requests to a different website.
http://dansguardian.org/
I've been using it for quite a while and it works well.
It works! Thanks.
Not really looking for content filtering. Basically I am wanting to play a prank on a couple of my users who just waste time playing pogo games. I want to set something up so they are served a different website (that i could specify) than what they typed in and were planning on getting.Randomly? Not sure exactly what you mean here but it sounds like you want a content filter. Dansguardian is an excellent content filter:
I don't know of a way to do it right in the squid.conf but you certainly can redirect using squid. That's what the adzapper script does. It redirect ad URLs to your a URL of your choice. Here are some other redirect scripts for squid:
http://squirm.foote.com.au/
http://www.zippo.ch/thomas/asqredir/
http://adzapper.sourceforge.net/
http://squirm.foote.com.au/
http://www.zippo.ch/thomas/asqredir/
http://adzapper.sourceforge.net/