[Samba] samba4 + squid 2.7 auth

L.P.H. van Belle belle at bazuin.nl
Fri Sep 5 00:37:44 MDT 2014


beware of the config difference between all squid versions. 
squid 2.7 is way old, and i really suggest you upgrade to at least squid 3.1. ( debian wheezy ) 
as for 3.3 there were lots of improvements for the newer protocols. 
and there were kerberos fixes in 3.2 and up. 
rebuilding from jessie to wheezy isn't that here, google for it. 

this is my setup for squid 3.3.8. ( debian wheezy, but squid rebuilt from debian jessie ) 

see the -f and -D parameters, this is for a kerberos based auth against AD domain. 

auth_param basic program /usr/lib/squid3/basic_ldap_auth -R \
        -b "OU=Users,DC=internal,DC=domain,DC=tld" \
        -D ldap-bind@internal.domain.tld -W /etc/squid3/private/ldap-bind \
        -f (|(userPrincipalName=%s)(sAMAccountName=%s)) \
        -h dc1.internal.domain.tld

and this is the fallback for the above but ldap based. 

auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 \
         -b "DC=internal,DC=domain,DC=tld" \
         -D cn=ldap-bind,dc=internal,DC=domain,DC=tld  -W /etc/squid3/private/ldap-bind \
         -f uid=%s dc1.internal.domain.tld



>-----Original Message-----
>From: heupink at merit.unu.edu 
>[mailto:samba-bounces at lists.samba.org] On behalf of mourik jan 
>heupink - merit
>Sent: Thursday, September 4, 2014 14:24
>To: samba at lists.samba.org
>Subject: Re: [Samba] samba4 + squid 2.7 auth
>These lines are for squid3, but work here:
>> auth_param basic program /usr/lib/squid3/squid_ldap_auth -v 
>3 -P -R -u cn -s sub -b "DC=samba,DC=company,DC=com" -D 
>-w "ldap_search_account_password" -f "(&(sAMAccountName=%s))" 
>-h dc.company.com
>> acl ldapauth proxy_auth REQUIRED
>> http_access allow ldapauth
>Hope this helps you,
>Mourik Jan
>On 09/04/2014 10:08 AM, Agustín Dixan Díaz Corrales wrote:
>> Hi list, i have a samba4 AD server working, and squid 2.7 auth
>> internal...so i need change the auth of squid to my samba4 
>> search in google but information is incomplete and different...any
>> official site, wiki or user experience to get information about?
>> regards and thanks
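
Added example, not part of the original messages and not the helper's own source: a small Python model of what happens to one request line before the -f filter from the first auth_param above reaches the DC. Squid hands the helper "user password" with both fields URL-encoded; the function names and sample lines are constructed for illustration.

```python
from urllib.parse import unquote

# Filter from the -f option in the post above.
FILTER_TEMPLATE = "(|(userPrincipalName=%s)(sAMAccountName=%s))"

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a login name so it can only ever be a literal filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parse_helper_line(line: str) -> tuple[str, str]:
    """Split one 'user password' line and undo the URL-encoding."""
    user, sep, password = line.rstrip("\r\n").partition(" ")
    # An empty password must be refused: an LDAP simple bind with an empty
    # password is an unauthenticated bind (RFC 4513 section 5.1.2).
    if not sep or not user or not password:
        raise ValueError("expected '<user> <password>'")
    return unquote(user), unquote(password)


def build_search_filter(template: str, user: str) -> str:
    """Substitute the escaped login name for every %s in the template."""
    return template.replace("%s", escape_filter_value(user))


def describe(line: str) -> str:
    """Return the search filter for a request line, or 'ERR' if malformed."""
    try:
        user, _password = parse_helper_line(line)
    except ValueError:
        return "ERR"
    return build_search_filter(FILTER_TEMPLATE, user)


if __name__ == "__main__":
    # Constructed sample lines: short name, UPN, wildcard name, empty password.
    for sample in ("jdoe secret", "jdoe%40internal.domain.tld secret",
                   "a%2A secret", "jdoe "):
        print(repr(sample), "->", describe(sample))
```

With the OR filter both the short login name and the full UPN resolve to the same account, and a name containing * or parentheses is matched literally instead of changing the search.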