Using both domain users and local users for Squid authentication?

Posted by Massimo on Server Fault See other posts from Server Fault or by Massimo
Published on 2010-06-03T08:37:19Z Indexed on 2010/06/03 8:44 UTC
Read the original article Hit count: 330

Filed under:
|

I'm working on a Squid proxy which needs to authenticate users against an Active Directory domain; this works fine, Samba was correctly set up and Squid authenticates users via ntlm_auth. Relevant lines in squid.conf:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
acl Authenticated proxy_auth REQUIRED
http_access allow Authenticated
http_access deny all

Now, I need a way to allow access to users which don't have a domain account. I know I could create an "internet user" account in the domain, but this would allow access, although limited, to domain resources (file shares, etc.); I need something that will allow only Internet access.

The ideal solution would be using a local account on the proxy server, either a Linux account or a Squid one; I know Squid supports this, but I'm unable to have it use both domain authentication and Squid/local authentication if domain auth is unsuccesful.

Can this be done? How?

© Server Fault or respective owner

Related posts about authentication

Related posts about squid