
Squid Authentication using RADIUS

RADIUS is a server for remote user authentication and accounting. Its primary use is for Internet Service Providers, though it can just as well be used on any network that needs a centralized authentication and/or accounting service for its workstations.

In this article I won't go into detail about the installation and configuration of the RADIUS or Squid servers, and will assume that both are installed and configured properly.

Download the Squid authentication module (squid_radius_auth).
Unpack it and compile it:
    # tar -zxvf squid_radius_auth-1.10.tar.gz
    # cd squid_radius_auth-1.10/
    # make
You will get a squid_radius_auth executable that you can move to a safe place. It needs a config file, squid_radius_auth, that should contain the name of the RADIUS server and the shared secret. Because this file holds the secret, make it readable only by the user Squid runs as:
    server radius_server
    secret secret_phrase
Now configure Squid to use the RADIUS server for authentication. Open your squid.conf file and replace the auth section with the following:
    auth_param basic program /path_to_auth/squid_radius_auth
    auth_param basic children 5
    auth_param basic realm Please enter your domain credentials
    auth_param basic credentialsttl 8 hours
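Next you have to configure Squid to allow only authenticated users. In the following example, clients on the local LAN whose addresses are listed in the local users file (localusers) are allowed without logging in, while everyone else is asked to log in. The proxy_auth ACL needs REQUIRED (or a list of user names) to match any authenticated user, and the rule list must end with a deny so that nothing falls through unauthenticated:
    # Match any user the RADIUS helper accepts
    acl passwd proxy_auth REQUIRED
    # Source addresses that may skip authentication
    acl localusers src "/etc/squid/localusers"

    http_access allow localusers
    http_access allow passwd
    # Everything else is refused
    http_access deny all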
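
As an added example (not from the original post or the squid_radius_auth project), this shell function lints a squid.conf for the mistakes that leave a proxy_auth setup open: a proxy_auth ACL with no REQUIRED or user list, an unconditional allow all, and a rule list that does not end in deny all. The function name and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint squid.conf access rules for a proxy_auth setup.
audit_squid_auth() {   # $1 = squid.conf path; prints one finding per line
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        $1 == "auth_param" && $3 == "program" { helper = 1 }
        $1 == "acl" && $3 == "proxy_auth" {
            authacl[$2] = 1
            if (NF < 4) print "acl " $2 ": proxy_auth needs REQUIRED or a user list"
        }
        $1 == "http_access" {
            last = $2 " " $3; lastnf = NF
            for (i = 3; i <= NF; i++) if ($i in authacl) enforced = 1
            if ($2 == "allow" && NF == 3 && $3 == "all")
                print "line " NR ": allow all admits unauthenticated clients"
        }
        END {
            if (!helper)   print "no auth_param program line: no helper configured"
            if (!enforced) print "no http_access rule references a proxy_auth ACL"
            if (last != "deny all" || lastnf != 3)
                print "last http_access rule is not \"deny all\""
        }' "$1"
}

# Constructed sample configs (not taken from a real deployment).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/weak.conf" <<'EOF'
auth_param basic program /path_to_auth/squid_radius_auth
acl passwd proxy_auth
acl localusers src "/etc/squid/localusers"
http_access allow localusers
http_access allow passwd
http_access allow all
EOF
cat > "$SAMPLES/strict.conf" <<'EOF'
auth_param basic program /path_to_auth/squid_radius_auth
acl passwd proxy_auth REQUIRED
acl localusers src "/etc/squid/localusers"
http_access allow localusers
http_access allow passwd
http_access deny all
EOF
for f in weak strict; do echo "== $f.conf"; audit_squid_auth "$SAMPLES/$f.conf"; done
```

Run it against the live squid.conf before reloading Squid; no output means none of the three problems were found.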
The RADIUS server's logs will also give you a record of who logged on to use the web services, and when.

