== Determining the LDAP details ==

To support basic authentication you need to look up the DNs on your Windows server. You can guess them, or use the ldp.exe tool, which is included in Microsoft's 'Windows Support Tools' package (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=96a35011-fd83-419d-939b-9a772ea2df90&DisplayLang=en).

In our case:
* Base DN: ''CN=Users,DC=adtest,DC=psy,DC=datux,DC=nl''
* Administrator DN: ''CN=Administrator,CN=Users,DC=adtest,DC=psy,DC=datux,DC=nl''

== Keytab ==

== auth_param ==

Replace all auth_param settings in /home/system/proxy/squid.conf:
{{{
# Kerberos authentication settings
auth_param negotiate program /usr/bin/squid_kerb_auth -d
auth_param negotiate children 10
auth_param negotiate keep_alive on

# LDAP/AD settings, for clients that only support basic authentication
# (the helper command must stay on a single line):
auth_param basic program /usr/bin/squid_ldap_auth -b "CN=Users,DC=adtest,DC=psy,DC=datux,DC=nl" -s sub -D "CN=Administrator,CN=Users,DC=adtest,DC=psy,DC=datux,DC=nl" -w as -f "(&(objectClass=person)(sAMAccountName=%s))" -u sAMAccountName -P -v 3 -h w2k3-edwin.adtest.psy.datux.nl
auth_param basic children 10
auth_param basic realm Proxy Authentication
auth_param basic credentialsttl 2 hours
}}}

== acl and http_access ==

Finally, to enable authentication and make it mandatory, add the following in the appropriate places in /home/system/proxy/squid.conf:
{{{
# Matches any request that carries valid proxy credentials
acl auth proxy_auth REQUIRED

# Allow authenticated users
http_access allow auth
}}}
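
The `auth_param basic program` line above can be checked mechanically before it goes into production. The following is an added example, not part of the original page: it parses a squid_ldap_auth helper line and flags a bind password passed with `-w`, a bind as the Administrator DN, and an LDAP connection without `-Z` or an `ldaps://` URI. The `svc-squid` account and `/path/to/bind.secret` in the hardened line are placeholders.

```python
import shlex

# squid_ldap_auth options that take a value; every other token is a flag.
VALUE_OPTS = {"-b", "-f", "-u", "-s", "-D", "-w", "-W", "-H", "-h",
              "-p", "-c", "-t", "-a", "-v"}

def parse_helper_line(line):
    """Return the helper options of an 'auth_param basic program' line."""
    tokens = shlex.split(line)
    if len(tokens) < 4 or tokens[:3] != ["auth_param", "basic", "program"]:
        raise ValueError("not an 'auth_param basic program' line")
    args, opts, i = tokens[4:], {}, 0
    while i < len(args):
        if args[i] in VALUE_OPTS and i + 1 < len(args):
            opts[args[i]] = args[i + 1]
            i += 2
        else:
            opts[args[i]] = ""  # plain flag such as -P or -Z
            i += 1
    return opts

def audit_helper_line(line):
    """Return the weaknesses found on one helper line."""
    opts = parse_helper_line(line)
    found = []
    if "-w" in opts:  # password readable in squid.conf and in the process list
        found.append("inline-bind-password: use -W <secretfile> instead")
    if opts.get("-D", "").lower().startswith("cn=administrator,"):
        found.append("admin-bind-dn: bind with a dedicated low-privilege account")
    if "-Z" not in opts and not opts.get("-H", "").lower().startswith("ldaps://"):
        found.append("cleartext-ldap: add -Z (StartTLS) or -H ldaps://...")
    return found

DN = "CN=Users,DC=adtest,DC=psy,DC=datux,DC=nl"
COMMON = ('-f "(&(objectClass=person)(sAMAccountName=%s))" -u sAMAccountName '
          "-P -v 3 -h w2k3-edwin.adtest.psy.datux.nl")
# The helper line from this page, written on one line.
PAGE_LINE = ('auth_param basic program /usr/bin/squid_ldap_auth '
             f'-b "{DN}" -s sub -D "CN=Administrator,{DN}" -w as {COMMON}')
# Constructed variant: svc-squid and the secret file path are placeholders.
HARDENED_LINE = ('auth_param basic program /usr/bin/squid_ldap_auth '
                 f'-b "{DN}" -s sub -D "CN=svc-squid,{DN}" '
                 f'-W /path/to/bind.secret -Z {COMMON}')

if __name__ == "__main__":
    for name, line in (("page", PAGE_LINE), ("hardened", HARDENED_LINE)):
        print(name, audit_helper_line(line) or "no findings")
```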