Blog / News

Posted on by Matt

Squid Proxy and Windows Active Directory Authentication

An Internet or Web Proxy is one of the most important applications on a large network. It allows you to

  • track user’s internet usage
  • save on bandwidth costs through content caching
  • limit user access to irrelevant or objectionable content

If you’re running PaperCut, and want to make use of Internet Quotas, then you will need a proxy server that logs the Internet usage and user names to a log file.

Squid Proxy is one of the best proxies out there, and is available for no cost, however it’s designed to run on Linux/Unix machines. This often poses a problem if you’re running a Windows Active Directory, because you can’t get Squid to authenticate users before giving them access to the Internet.

Fortunately, Squid comes with some utilities to solve this problem. The Squid LDAP authentication helpers allow you to authenticate users in an LDAP directory and even assign access rights based on their LDAP group membership.

So what’s this got to do with Microsoft Active Directory?! Well Active Directory is actually an LDAP v3 compliant directory, so it can be queried across a network from any LDAP compliant applications, including Squid.

Working with Ryan Brinch (one of our customers), we’ve written a how-to guide to configuring Squid to authenticate with Active Directory.

It details the configuration changes you need to make to squid.conf in order to use the Squid LDAP helpers (ldap_auth and squid_ldap_group) to authenticate with Active Directory.

This is a much easier way to get Squid/Windows authentication to work without having to install and configure Samba and Winbind … and you don’t need your Squid server to be a member of your domain. It’s much simpler!

Hopefully that helps you out. Feel free to get in touch if you have any questions or suggestions.


This entry was posted in General. Bookmark the permalink.


Comments

  • Lino Benitez

    Regarding the Group Authentication. For example: I have 5 users named user1, user2, user3,user4 and user5. And each user has a different groups belong. Ex. user1 belong to group1, user2 belong to group2, user3 belong to group3, user4 belong to group5. Now the question is? Using the squid_ldap_group how you will authenticate users belongs to different group what sort of parameters will i do. Because in your example you only authenticate a user in a particular group not on so many groups.

  • RJL

Blog Categories & Archives