User Authentication for the squid proxy in E-Smith 4.1.1

Hoay Fern

User Authentication for the squid proxy in E-Smith 4.1.1

« on: September 12, 2001, 08:56:25 AM »

Hi,

i have read the article User Authentication for the squid proxy in E-Smith 4.1.1at http://linux.made-to-order.net/article.php&mode=thread&order=0

pls correct me if i am wrong:
we need to create a directory in /usr/local/
1)# mkdir pam_auth

then mount the floopy disk

2) #mount /dev/fd1 -t vfat /mnt/floopy
3) #tar -xzvf pam_auth.tar.gz
4)put file in place and set correct permissions
#mkdir /usr/local/squid/bin
#mv pam_auth /usr/local/squid/bin
#chown root /usr/local/squid/bin/pam_auth
#chmod u+s /usr/local/squid/bin/pam_auth

5)add a squid config file for pam
pico /etc/pam.d/squid
add these two lines
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so

or for ncsa_auth
cp /stc/shadow /usr/etc/passwd

what is this ncsa_auth mean :
did i ned this ? or i just need to :

pico /etc/pam.d/squid
add these two lines
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so

6)add a template to e-smith for the squid.conf file

mkdir /etc/e-smith/templates-custom/etc/squid/squid.conf
pico /etc/e-smith/templates-custom/etc/squid/squid.conf/90AuthAdd
add these lines

authenticate_program /usr/local/squid/bin/pam_auth
authenticate_children 5
acl pwdprotect proxy_auth REQUIRED
http_access allow pwdprotect

or for ncsa_auth
authenticate_program usr/local/squid/bin/ncsa_auth /usr/etc/passwd
authenticate_children 5
acl pwdprotect proxy_auth REQUIRED
http_access allow pwdprotect localhost

what is the ncsa_auth for ?

7)copy the original template-begin

cp /etc/e-smith/templates/etc/squid/squid.conf/template-begin /etc/e-smith/templates-custom/etc/squid/squid.conf/template-begin

edit the access rules to remove the allow localhost
pico /etc/e-smith/templates-custom/etc/squid/squid.conf/template-begin

at approx line 1079 you will find http_access allow localhost comment it by puttting a # in front of the line

expand the template and restart squid

/sbin/e-smith/signal-event network-create

thanks

hoay fern

Logged

DJ_Ramjet99

Re: User Authentication for the squid proxy in E-Smith 4.1.1

« Reply #1 on: September 13, 2001, 12:36:02 AM »

Hi,

Having been through this yesterday, I think I can help. The HOW-TO has a couple of updates for it that were posted plus I found that you need to set-up your clients as well.

Try these two http://forums.contribs.org/index.php?topic=2264.msg7579#msg7579

http://linux.made-to-order.net/article.php?thold=0&mode=flat&order=0

And is now working sweetly-cheers again to Tim for sussing that out.

Logged

Hoay Fern

Re: User Authentication for the squid proxy in E-Smith 4.1.1

« Reply #2 on: September 13, 2001, 06:28:11 AM »

hi,

i receive ur reply but i have some questions to ask you .

yestreday i was trying to follow the steps by steps but i found that after i
do the step 7)/sbin/e-smith/signal-event network-create , then i go to
client side to try to access internet.

i cant access it.

is it because i puttting a # in front of the line 1079
http_access allow localhost then i cant access to internet but after i
delete the # in front of the line 1079 , i can access to internet.

May I know what is the line for ?

i wish to try again after i really understand everything

another question is :

if i set user sutentication in accessign proxy server, will it affected the
icq or yahoo messager or msn messager setting because we need it in order to
communicate with others collegues all over the world.

one more questions is what is the port number for SOCKS 4 or SOCKS 5 ?

last time when we use Wingate from Deerfield, the default port for the SOCKS
5 is 1080, but i dunno what is the port number for SOCKS 5 or SOCKS4 in
E-Smith.

pls assists

thanks for ur help

hoay fern

Logged

Hoay Fern

Re: User Authentication for the squid proxy in E-Smith 4.1.1

« Reply #3 on: September 17, 2001, 09:40:45 AM »

hi,

if we setup user autentication for Squid, it will use the user account that we created in E-Smith Manager ?

let said we wish to create different users that allowed to access the Squid proxy server, how can we do it ?

pls assist

hoay fern

Logged

Bart

Re: User Authentication for the squid proxy in E-Smith 4.1.1

« Reply #4 on: September 17, 2001, 08:12:48 PM »

E-smith 4.1.2 & squid-authentication, blocking non-proxy use

1) see following thread in ethe -smith forum :
http://forums.contribs.org/index.php?topic=11267.msg42387#msg42387
2) download appropiate rpm (e-smith-squid-0.2-1.i386.rpm) from
http://www.chez.com/vinc28/fetchmail.html
3) install, test, use and help with development

-Bart-

Logged

Hoay Fern

Re: User Authentication for the squid proxy in E-Smith 4.1.1

« Reply #5 on: September 18, 2001, 06:59:33 AM »

hi i have go to both website and found that

http://forums.contribs.org/index.php?topic=11267.msg42387#msg42387 is not i want.

may i know have u installed the User Authentication for the squid proxy in E-Smith 4.1.2 before ?

please assists

hoay fern

Logged

Hoay Fern

Re: User Authentication for the squid proxy in E-Smith 4.1.1

« Reply #6 on: September 20, 2001, 06:05:22 AM »

hi Bart,

May I know have u try to installed and use the method u recommend me at :
2)download appropiate rpm (e-smith-squid-0.2-1.i386.rpm) from
http://www.chez.com/vinc28/fetchmail.html
3) install, test, use and help with development

pls assist

hoay fern

Logged

Bart

Re: User Authentication for the squid proxy in E-Smith 4.1.1

« Reply #7 on: September 20, 2001, 09:36:32 PM »

Hoay,

Not just tried and installed, partially extenden the original system.

I extended vincent's initial source with the NAT-blocking part,
gave that back to him, and then rebuilt the rpm

So, i am sure it works.

Bart.

Logged