Web Filtering On Squid 3 Windows Active Directory Integration

Discussion in 'HOWTO-Related Questions' started by Tularis, Sep 4, 2012.

  1. Tularis

    Tularis New Member


    I have been following the steps provided in the HOWTO: Web Filtering On Squid 3 With QuintoLabs Content Security 1.4 And Windows Active Directory Integration (http://www.howtoforge.com/web-filte...4-and-windows-active-directory-integration-p2)

    But I get presented with a login box for access to the proxy.


    I type in the details, of any AD account but it just pops up again..
    Everything seems to have gone OK and I haven't had any specified errors...
    I am a quite a linux noob but have managed to work through this little project.

    So any help would be greatly appreciated.

    	workgroup = PIT1
    	realm = PIT1.LOCAL
    	server string = Samba Server Version %v
    	security = ADS
    	log file = /var/log/samba/log.%m
    	max log size = 50
    	cups options = raw
    	kerberos method = dedicated keytab
    	dedicated keytab file = /etc/krb5.keytab
    	comment = Home Directories
    	read only = No
    	browseable = No
    	comment = All Printers
    	path = /var/spool/samba
    	printable = Yes
    	browseable = No

    # Setup NEGOTIATE authentication for Active Directory with Kerberos
    auth_param negotiate program /usr/lib/squid/negotiate_kerb_auth -s HTTP/proxy
    auth_param negotiate children 10
    auth_param negotiate keep_alive on
    # to see the negotiator log messages in the /var/log/squid/cache.log uncomment
    # debug_options 29,9 and pass additional -d parameter to negotiate_kerb_auth
    acl auth proxy_auth REQUIRED
    # Recommended minimum configuration:
    acl manager proto cache_object
    acl localhost src ::1
    acl to_localhost dst ::1
    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    # acl localnet src	# RFC1918 possible internal network
    acl localnet src	# RFC1918 possible internal network
    # acl localnet src	# RFC1918 possible internal network
    # acl localnet src fc00::/7       # RFC 4193 local private network range
    # acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
    acl SSL_ports port 443
    acl Safe_ports port 80		# http
    acl Safe_ports port 21		# ftp
    acl Safe_ports port 443		# https
    acl Safe_ports port 70		# gopher
    acl Safe_ports port 210		# wais
    acl Safe_ports port 1025-65535	# unregistered ports
    acl Safe_ports port 280		# http-mgmt
    acl Safe_ports port 488		# gss-http
    acl Safe_ports port 591		# filemaker
    acl Safe_ports port 777		# multiling http
    acl CONNECT method CONNECT
    # Recommended minimum Access Permission configuration:
    # Only allow cachemgr access from localhost
    http_access allow manager localhost
    http_access deny manager
    # http_access allow localnet
    # Deny requests to certain unsafe ports
    http_access deny !Safe_ports
    # Deny CONNECT to other than secure SSL ports
    http_access deny CONNECT !SSL_ports
    # We strongly recommend the following be uncommented to protect innocent
    # web applications running on the proxy server who think the only
    # one who can access services on "localhost" is a local user
    # http_access deny to_localhost
    http_access deny !auth
    http_access allow auth
    # Example rule allowing access from your local networks.
    # Adapt localnet in the ACL section to list your (internal) IP networks
    # from where browsing should be allowed
    # http_access allow localnet
    # http_access allow localhost
    # And finally deny all other access to this proxy
    http_access deny all
    # Squid normally listens to port 3128
    http_port 3128
    # We recommend you to use at least the following line.
    hierarchy_stoplist cgi-bin ?
    # Uncomment and adjust the following to add a disk cache directory.
    #cache_dir ufs /var/spool/squid 100 16 256
    # Leave coredumps in the first cache dir
    coredump_dir /var/spool/squid
    # Add any of your own refresh_pattern entries above these.
    refresh_pattern ^ftp:		1440	20%	10080
    refresh_pattern ^gopher:	1440	0%	1440
    refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
    refresh_pattern .		0	20%	4320
    visible_hostname proxy.pit1.local
    icap_enable on
    icap_preview_enable on
    icap_preview_size 4096
    icap_persistent_connections on
    icap_send_client_ip on
    icap_send_client_username on
    icap_service qlproxy1 reqmod_precache bypass=0 icap://
    icap_service qlproxy2 respmod_precache bypass=0 icap://
    adaptation_access qlproxy1 allow all
    adaptation_access qlproxy2 allow all
    I've probably missed something really simple...
  2. Tularis

    Tularis New Member


Share This Page