Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Hoay Fern on September 12, 2001, 08:56:25 AM

Title: User Authentication for the squid proxy in E-Smith 4.1.1
Post by: Hoay Fern on September 12, 2001, 08:56:25 AM

Hi,

i have read the article User Authentication for the squid proxy in E-Smith 4.1.1at http://linux.made-to-order.net/article.php&mode=thread&order=0


pls correct me if i am wrong:
we need to create a directory in /usr/local/
1)# mkdir pam_auth
 
then mount the floopy disk
 
2) #mount /dev/fd1 -t vfat  /mnt/floopy
3) #tar -xzvf pam_auth.tar.gz
4)put file in place and set correct permissions
    #mkdir /usr/local/squid/bin
    #mv pam_auth /usr/local/squid/bin
    #chown root /usr/local/squid/bin/pam_auth
    #chmod u+s /usr/local/squid/bin/pam_auth

5)add a squid config file for pam
pico /etc/pam.d/squid
add these two lines
auth    required        /lib/security/pam_unix.so
account required        /lib/security/pam_unix.so

or for ncsa_auth
cp /stc/shadow /usr/etc/passwd

what is this ncsa_auth mean :
did i ned this ? or i just need to :

pico /etc/pam.d/squid
add these two lines
auth    required        /lib/security/pam_unix.so
account required        /lib/security/pam_unix.so

6)add a template to e-smith for the squid.conf file

mkdir /etc/e-smith/templates-custom/etc/squid/squid.conf
pico /etc/e-smith/templates-custom/etc/squid/squid.conf/90AuthAdd
add these lines

authenticate_program /usr/local/squid/bin/pam_auth
authenticate_children 5
acl pwdprotect proxy_auth REQUIRED
http_access allow pwdprotect


or for ncsa_auth
authenticate_program usr/local/squid/bin/ncsa_auth /usr/etc/passwd
authenticate_children 5
acl pwdprotect proxy_auth REQUIRED
http_access allow pwdprotect localhost

what is the ncsa_auth for ?

7)copy the original template-begin

cp /etc/e-smith/templates/etc/squid/squid.conf/template-begin /etc/e-smith/templates-custom/etc/squid/squid.conf/template-begin

edit the access rules to remove the allow localhost
pico /etc/e-smith/templates-custom/etc/squid/squid.conf/template-begin

at approx line 1079 you will find http_access allow localhost comment it by puttting a # in front of the line
 
8) expand the template and restart squid

/sbin/e-smith/signal-event network-create
 
thanks
 
hoay fern

Title: Re: User Authentication for the squid proxy in E-Smith 4.1.1
Post by: DJ_Ramjet99 on September 13, 2001, 12:36:02 AM

Hi,

Having been through this yesterday, I think I can help. The HOW-TO has a couple of updates for it that were posted plus I found that you need to set-up your clients as well.


Try these two http://forums.contribs.org/index.php?topic=2264.msg7579#msg7579

http://linux.made-to-order.net/article.php?thold=0&mode=flat&order=0

And is now working sweetly-cheers again to Tim for sussing that out.

Title: Re: User Authentication for the squid proxy in E-Smith 4.1.1
Post by: Hoay Fern on September 13, 2001, 06:28:11 AM

hi,

i receive ur reply but i have some questions to ask you .

yestreday i was trying to follow the steps by steps but i found that after i
do the step 7)/sbin/e-smith/signal-event network-create , then i go to
client side to try to access internet.

i cant access it.

is it because i puttting a # in front of the line 1079
http_access allow localhost then i cant access to internet but after i
delete the # in front of the line 1079 , i can access to internet.

May I know what is the line for ?

 
i wish to try again after i really understand everything

another question is :

if i set user sutentication in accessign proxy server, will it affected the
icq or yahoo messager or msn messager setting because we need it in order to
communicate with others collegues all over the world.

one more questions is what is the port number for SOCKS 4 or SOCKS 5 ?

last time when we use Wingate from Deerfield, the default port for the SOCKS
5 is 1080, but i dunno what is the port number for SOCKS 5 or SOCKS4 in
E-Smith.

pls assists

thanks for ur help

hoay fern

Title: Re: User Authentication for the squid proxy in E-Smith 4.1.1
Post by: Hoay Fern on September 17, 2001, 09:40:45 AM

hi,

if we setup user autentication for Squid, it will use the user account that we created in E-Smith Manager ?

let said we wish to create different users that allowed to access the Squid proxy server, how can we do it ?

pls assist

hoay fern

Title: Re: User Authentication for the squid proxy in E-Smith 4.1.1
Post by: Bart on September 17, 2001, 08:12:48 PM

E-smith 4.1.2 & squid-authentication, blocking non-proxy use

1) see following thread in ethe -smith forum :
 http://forums.contribs.org/index.php?topic=11267.msg42387#msg42387
2) download appropiate rpm (e-smith-squid-0.2-1.i386.rpm) from
 http://www.chez.com/vinc28/fetchmail.html
3) install, test, use and help with development

-Bart-

Title: Re: User Authentication for the squid proxy in E-Smith 4.1.1
Post by: Hoay Fern on September 18, 2001, 06:59:33 AM

hi i have go to both website and found that

http://forums.contribs.org/index.php?topic=11267.msg42387#msg42387 is not i want.

may i know have u installed the User Authentication for the squid proxy in E-Smith 4.1.2 before ?

please assists

hoay fern

Title: Re: User Authentication for the squid proxy in E-Smith 4.1.1
Post by: Hoay Fern on September 20, 2001, 06:05:22 AM

hi Bart,

May I know have u try to installed and use the method u recommend me at :
2)download appropiate rpm (e-smith-squid-0.2-1.i386.rpm) from
http://www.chez.com/vinc28/fetchmail.html
3) install, test, use and help with development

pls assist

hoay fern

Title: Re: User Authentication for the squid proxy in E-Smith 4.1.1
Post by: Bart on September 20, 2001, 09:36:32 PM

Hoay,

Not just tried and installed, partially extenden the original system.

I extended vincent's initial source with the NAT-blocking part,
gave that back to him, and then rebuilt the rpm

So, i am sure it works.

Bart.