Configuring Basic authentication

Perform the steps for configuring Basic authentication on the server hosting the Squid service.

To configure authentication, the user account must have superuser rights.

To configure Basic authentication:

  1. Add the following lines into the beginning of the /etc/squid/squid.conf file, depending on the operating system:
    • CentOS or Red Hat Enterprise Linux:

      auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>

      auth_param basic children 10

      auth_param basic realm Squid proxy-caching web server

      auth_param basic casesensitive off

      auth_param basic credentialsttl 1 minute

      acl authenticated_user proxy_auth REQUIRED

      http_access deny !authenticated_user

    • SUSE Linux Enterprise Server:

      auth_param basic program /usr/sbin/basic_ldap_auth -R -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>

      auth_param basic children 10

      auth_param basic realm Squid proxy-caching web server

      auth_param basic casesensitive off

      auth_param basic credentialsttl 1 minute

      acl authenticated_user proxy_auth REQUIRED

      http_access deny !authenticated_user

    • Ubuntu or Debian:

      auth_param basic program /usr/lib/squid/basic_ldap_auth -R -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>

      auth_param basic children 10

      auth_param basic realm Squid proxy-caching web server

      auth_param basic casesensitive off

      auth_param basic credentialsttl 1 minute

      acl authenticated_user proxy_auth REQUIRED

      http_access deny !authenticated_user

  2. If you want to enable logging of events in debug mode, in the /etc/squid/squid.conf file add the -d parameter to the first string:
    • CentOS or Red Hat Enterprise Linux:

      auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -d -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>

    • SUSE Linux Enterprise Server:

      auth_param basic program /usr/sbin/basic_ldap_auth -R -d -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>

    • Ubuntu or Debian:

      auth_param basic program /usr/lib/squid/basic_ldap_auth -R -d -b "<LDAP object (domain, group, or organizational unit) in DN format (for example, "ou=ou_name,dc=test,dc=local" or "dc=domain,dc=example,dc=com")>" -D "<user name>@<Active Directory domain>" -w "<user password>" -f "sAMAccountName=%s" <IP address of the Active Directory domain controller>

    Debug events will be written to the file /var/log/squid/cache.log.

  3. Restart the Squid service. To do so, execute the command:

    service squid restart

Basic authentication will be configured.

Page top