Squid Proxy and Windows Active Directory Authentication
An Internet or Web Proxy is one of the most important applications on a large network. It allows you to:
- track users’ internet usage
- save on bandwidth costs through content caching
- limit user access to irrelevant or objectionable content
If you’re running PaperCut, and want to make use of Internet Quotas, then you will need a proxy server that logs the Internet usage and user names to a log file.
Squid Proxy is one of the best proxies out there, and is available at no cost. However, it’s designed to run on Linux/Unix machines. This often poses a problem if you’re running Windows Active Directory, because you can’t get Squid to authenticate users before giving them access to the Internet.
Fortunately, Squid comes with some utilities to solve this problem. The Squid LDAP authentication helpers allow you to authenticate users in an LDAP directory and even assign access rights based on their LDAP group membership.
So what’s this got to do with Microsoft Active Directory?! Well, Active Directory is actually an LDAP v3 compliant directory, so it can be queried across a network from any LDAP-compliant application, including Squid.
Working with Ryan Brinch (one of our customers), we’ve written a how-to guide to configuring Squid to authenticate with Active Directory.
It details the configuration changes you need to make to squid.conf in order to use the Squid LDAP helpers (squid_ldap_group) to authenticate with Active Directory.
This is a much easier way to get Squid/Windows authentication to work without having to install and configure Samba and Winbind … and you don’t need your Squid server to be a member of your domain. It’s much simpler!
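A minimal sketch of the kind of squid.conf changes involved, added here as an illustration and not taken from the how-to guide. The domain, host name, bind account, group name and helper paths are placeholders, and squid_ldap_auth (the basic-authentication helper that ships alongside squid_ldap_group) is not named on this page.

```conf
# --- Added example: squid.conf fragment for LDAP authentication against AD ---
# Assumed placeholders: dc1.example.local, dc=example,dc=local,
# squid-bind@example.local, the group "InternetAccess", helper paths.

# Authenticate users with a simple bind against Active Directory.
#   -R  do not follow referrals (AD returns them for the domain root)
#   -Z  StartTLS, so passwords are not sent to the DC in clear text (needs -v 3)
#   -W  read the bind password from a file instead of the command line,
#       keeping it out of the process list; chmod 600, owned by the squid user
auth_param basic program /usr/lib/squid/squid_ldap_auth -R -v 3 -Z -b "dc=example,dc=local" -D "squid-bind@example.local" -W /etc/squid/ldap_bind.secret -f "sAMAccountName=%s" -h dc1.example.local
auth_param basic children 5
auth_param basic realm Internet Proxy
auth_param basic credentialsttl 1 hour

# Group lookup: %v is replaced by the user name, %a by the group name
# passed in the acl line below.
external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/squid_ldap_group -R -v 3 -Z -b "dc=example,dc=local" -D "squid-bind@example.local" -W /etc/squid/ldap_bind.secret -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=Groups,dc=example,dc=local))" -h dc1.example.local

# Only authenticated members of the InternetAccess group may browse;
# everything else is denied, so an LDAP outage fails closed.
acl internet_users external ldap_group InternetAccess
http_access allow internet_users
http_access deny all
```

The bind account only needs read access to the directory, so it should be an unprivileged service account rather than an administrator. Basic authentication between the browser and the proxy is only base64-encoded, so the client-to-proxy leg should stay on a trusted network segment.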
Hopefully that helps you out. Feel free to get in touch if you have any questions or suggestions.