Koozali.org: home of the SME Server

squid + auth on SME7

Offline Jáder

  • *
  • 1,099
  • +0/-0
    • LinuxFacil
squid + auth on SME7
« on: December 26, 2011, 04:07:15 PM »
I'm sure I'd be called a moron... but I just cannot find it... so I'm asking:

I'd like to have SQUID + authentication (and NOT DANSGUARDING)... if possible just squid+auth or squid+squidguard+auth (I'll install SARG later!).

Objective: to have access groups to internet (full-internet, safe-sites-only, no-internet) and by include users in one of those groups, give controlled internet access and later have SARG reports.
I'd like to use anything BUT DansGuard.
If it matter, most workstations will be Ubuntu 10.04
SME751 as server-gateway and would like to have configurated to do not allow ANY access than using proxy (avoid bypass of proxy).

Regards

Jáder
...

Offline axessit

  • ****
  • 211
  • +0/-0
Re: squid + auth on SME7
« Reply #1 on: January 12, 2012, 05:26:52 PM »
« Last Edit: January 12, 2012, 05:28:49 PM by axessit »

Offline Jáder

  • *
  • 1,099
  • +0/-0
    • LinuxFacil
Re: squid + auth on SME7
« Reply #2 on: January 14, 2012, 05:06:11 PM »
http://wiki.contribs.org/SquidGuard

and as the wiki says, http://www.squidguard.org, specifically http://www.squidguard.org/Doc/authentication.html

Thanks by your reply.
I was aware about those links but just was wondering if someone else had created a contrib/howto about this. (that's why I call myself a moron!)
It appears to be a very common request.

I'll verify this in February  (sorry... starting vacancies on monday) and document everything.
Maybe an HowTo or contrib results of these work.

Regards

Jáder


...

Offline Jáder

  • *
  • 1,099
  • +0/-0
    • LinuxFacil
Re: squid + auth on SME7
« Reply #3 on: January 30, 2012, 10:32:26 PM »
As far I can test, just these commands are enough:

Code: [Select]
config setprop squid RequireAuth pam
expand-template /etc/squid/squid.conf
sv t /service/squid

First one it's the magic one, other two expand templates and restart squid.
Remember squid takes 1 min to restart... be patient.

I'll test on production tomorrow afternoon and return.

To register, to change message on box to login (known as REALM)
you can TEST editing this file: /etc/squid.conf and search for
Code: [Select]
auth_param basic realm SME_Linux_Server^M
You 'll wanna change the SME_Linux_Server
Later you'll have to template this file to make changes permanent:

/etc/e-smith/templates/etc/squid/squid.conf/15AuthProgramPamAuth
(more about this later, if anyone interested... or search docs about howto template fragments)

Jáder
...