Configuring Basic authentication
These instructions are applicable if Kaspersky Web Traffic Security was installed from an RPM or DEB package to a ready-to-use operating system. If Kaspersky Web Traffic Security was installed from an ISO file, configuration files for the built-in proxy server cannot be manually changed.
Perform the steps for configuring
on the server hosting the Squid service.To configure authentication, the user account must have superuser rights.
To configure Basic authentication:
- Add the following lines into the beginning of the /etc/squid/squid.conf file, depending on the operating system:
- CentOS or Red Hat Enterprise Linux:
auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>auth_param basic children 10auth_param basic realm Squid proxy-caching web serverauth_param basic casesensitive offauth_param basic credentialsttl 1 minuteacl authenticated_user proxy_auth REQUIREDhttp_access deny !authenticated_user - SUSE Linux Enterprise Server:
auth_param basic program /usr/sbin/basic_ldap_auth -R -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>auth_param basic children 10auth_param basic realm Squid proxy-caching web serverauth_param basic casesensitive offauth_param basic credentialsttl 1 minuteacl authenticated_user proxy_auth REQUIREDhttp_access deny !authenticated_user - Ubuntu, Debian, or ALT Server:
auth_param basic program /usr/lib/squid/basic_ldap_auth -R -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>auth_param basic children 10auth_param basic realm Squid proxy-caching web serverauth_param basic casesensitive offauth_param basic credentialsttl 1 minuteacl authenticated_user proxy_auth REQUIREDhttp_access deny !authenticated_user
- CentOS or Red Hat Enterprise Linux:
- If you want to enable logging of events in debug mode, in the /etc/squid/squid.conf file add the
-dparameter to the first string.- CentOS or Red Hat Enterprise Linux:
auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -d -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller> - SUSE Linux Enterprise Server:
auth_param basic program /usr/sbin/basic_ldap_auth -R -d -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller> - Ubuntu, Debian, or ALT Server:
auth_param basic program /usr/lib/squid/basic_ldap_auth -R -d -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>
Debug events will be written to the file /var/log/squid/cache.log.
- CentOS or Red Hat Enterprise Linux:
- Restart the Squid service. To do so, execute the command:
service squid restart
Basic authentication will be configured.