Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: Jáder on December 26, 2011, 04:07:15 PM

Title: squid + auth on SME7
Post by: Jáder on December 26, 2011, 04:07:15 PM

I'm sure I'd be called a moron... but I just cannot find it... so I'm asking:

I'd like to have SQUID + authentication (and NOT DANSGUARDING)... if possible just squid+auth or squid+squidguard+auth (I'll install SARG later!).

Objective: to have access groups to internet (full-internet, safe-sites-only, no-internet) and by include users in one of those groups, give controlled internet access and later have SARG reports.
I'd like to use anything BUT DansGuard.
If it matter, most workstations will be Ubuntu 10.04
SME751 as server-gateway and would like to have configurated to do not allow ANY access than using proxy (avoid bypass of proxy).

Regards

Jáder

Title: Re: squid + auth on SME7
Post by: axessit on January 12, 2012, 05:26:52 PM

http://wiki.contribs.org/SquidGuard (http://wiki.contribs.org/SquidGuard)

and as the wiki says, http://www.squidguard.org (http://www.squidguard.org), specifically http://www.squidguard.org/Doc/authentication.html (http://www.squidguard.org/Doc/authentication.html)

Title: Re: squid + auth on SME7
Post by: Jáder on January 14, 2012, 05:06:11 PM

Quote from: axessit on January 12, 2012, 05:26:52 PM

http://wiki.contribs.org/SquidGuard (http://wiki.contribs.org/SquidGuard)

and as the wiki says, http://www.squidguard.org (http://www.squidguard.org), specifically http://www.squidguard.org/Doc/authentication.html (http://www.squidguard.org/Doc/authentication.html)

Thanks by your reply.
I was aware about those links but just was wondering if someone else had created a contrib/howto about this. (that's why I call myself a moron!)
It appears to be a very common request.

I'll verify this in February  (sorry... starting vacancies on monday) and document everything.
Maybe an HowTo or contrib results of these work.

Regards

Jáder

Title: Re: squid + auth on SME7
Post by: Jáder on January 30, 2012, 10:32:26 PM

As far I can test, just these commands are enough:

Code: [Select]

config setprop squid RequireAuth pam
expand-template /etc/squid/squid.conf
sv t /service/squid

First one it's the magic one, other two expand templates and restart squid.
Remember squid takes 1 min to restart... be patient.

I'll test on production tomorrow afternoon and return.

To register, to change message on box to login (known as REALM)
you can TEST editing this file: /etc/squid.conf and search for

Code: [Select]

auth_param basic realm SME_Linux_Server^M
You 'll wanna change the SME_Linux_Server
Later you'll have to template this file to make changes permanent:

/etc/e-smith/templates/etc/squid/squid.conf/15AuthProgramPamAuth
(more about this later, if anyone interested... or search docs about howto template fragments)

Jáder