Using both domain users and local users for Squid authentication?
Posted
by Massimo
on Server Fault
See other posts from Server Fault
or by Massimo
Published on 2010-06-03T08:37:19Z
Indexed on
2010/06/03
8:44 UTC
Read the original article
Hit count: 330
authentication
|squid
I'm working on a Squid proxy which needs to authenticate users against an Active Directory domain; this works fine, Samba was correctly set up and Squid authenticates users via ntlm_auth
. Relevant lines in squid.conf:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
acl Authenticated proxy_auth REQUIRED
http_access allow Authenticated
http_access deny all
Now, I need a way to allow access to users which don't have a domain account. I know I could create an "internet user" account in the domain, but this would allow access, although limited, to domain resources (file shares, etc.); I need something that will allow only Internet access.
The ideal solution would be using a local account on the proxy server, either a Linux account or a Squid one; I know Squid supports this, but I'm unable to have it use both domain authentication and Squid/local authentication if domain auth is unsuccesful.
Can this be done? How?
© Server Fault or respective owner