Squid v AD

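Nejdřív NTP: čas na serveru musí být synchronizovaný s řadiči domény, jinak selže ověření přes Kerberos při připojování k doméně (security = ADS).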

Nastavíme do samba.conf (konfigurační soubor Samby, obvykle /etc/samba/smb.conf):

#GLOBAL PARAMETERS
# Samba/winbind settings that make this host a member of the Active Directory
# realm DOMAIN.INTERNAL (NetBIOS domain DINTERNAL), so that the proxy's
# authentication helpers can validate users against the domain.
[global]
  workgroup = DINTERNAL
  realm = DOMAIN.INTERNAL
  preferred master = no
  server string = squid proxy server
  # ADS = act as a domain member of an Active Directory realm.
  security = ADS
  encrypt passwords = yes
  # NOTE(review): level 3 is verbose and writes one log file per client (%m);
  # it is useful while debugging the join, but consider lowering it afterwards
  # and check who can read /var/log/samba.
  log level = 3
  log file = /var/log/samba/%m
  max log size = 50
  # NOTE(review): printing settings look unrelated to proxy authentication;
  # presumably carried over from a default config - confirm they are needed.
  printcap name = cups
  printing = cups
  # NOTE(review): user/group enumeration can be expensive in large domains;
  # confirm the proxy actually needs it.
  winbind enum users = Yes
  winbind enum groups = Yes
  # Domain users are referred to without the DOMAIN prefix.
  winbind use default domain = Yes
  winbind nested groups = Yes
  # NOTE(review): this option changes how domain users are mapped to UNIX
  # accounts; verify its meaning in smb.conf(5) for the installed Samba version.
  winbind trusted domains only = Yes
  winbind cache time = 3600
  winbind separator = +
  # NOTE(review): every domain account resolved through winbind gets a real
  # login shell. If domain users only need to authenticate to the proxy and not
  # log in to this host, a non-login shell here (together with PAM/SSH access
  # restrictions) keeps the host's exposure smaller - confirm the requirement.
  template shell = /bin/bash

Do /etc/hosts přidat řádek s adresou serveru s plným i zkráceným jménem.

Spustit připojení k doméně a konfiguraci přihlašování do AD:

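# Join this host to the AD domain through winbind and apply the matching
# login configuration with authconfig.
#
# Required variables (set them before running):
#   ADSWorkgroup - NetBIOS domain name
#   ADSDomain    - AD realm (DNS domain name)
#   ADSServer    - domain controller to contact
#   AdminUser    - account allowed to join machines to the domain
#
# NOTE(review): pass only the account name in AdminUser so that the password
# is prompted for (presumably by the join step) instead of appearing in the
# process list or shell history - confirm the prompt on the target system.
# NOTE(review): --enablewinbindauth lets domain accounts authenticate to this
# host itself, with /bin/bash as their shell; if the host is only a proxy,
# restrict who may log in (PAM access rules / SSH AllowGroups).

# Abort early instead of writing an empty workgroup/realm/server into the
# system configuration when a variable was forgotten.
: "${ADSWorkgroup:?set ADSWorkgroup to the NetBIOS domain name}"
: "${ADSDomain:?set ADSDomain to the AD realm}"
: "${ADSServer:?set ADSServer to the domain controller}"
: "${AdminUser:?set AdminUser to the account used for the join}"

# Expansions are quoted so that values containing spaces or glob characters
# reach authconfig as a single argument each.
authconfig \
  --update \
  --kickstart \
  --enablewinbind \
  --enablewinbindauth \
  --smbsecurity=ads \
  --smbworkgroup="$ADSWorkgroup" \
  --smbrealm="$ADSDomain" \
  --smbservers="$ADSServer" \
  --winbindjoin="$AdminUser" \
  --winbindtemplatehomedir=/home/%U \
  --winbindtemplateshell=/bin/bash \
  --enablewinbindusedefaultdomain \
  --enablelocauthorize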

Konfigurace Squidu:

### NTLM
# NTLM scheme: Squid starts Samba's ntlm_auth helper, which validates the
# NTLMSSP handshake for domain DINTERNAL through winbind.
# NOTE(review): the helper needs access to winbindd's privileged pipe, so the
# account Squid runs as presumably has to be allowed into Samba's
# winbindd_privileged directory - confirm group and permissions on this host.
# NOTE(review): --diagnostics is normally a stand-alone test mode of
# ntlm_auth; confirm it is intended together with --helper-protocol.
# NOTE(review): NTLM is a legacy protocol; where clients and policy allow it,
# the Negotiate/Kerberos scheme is usually preferred - confirm what the
# environment requires.
auth_param ntlm \
   program /usr/bin/ntlm_auth \
   --diagnostics \
   --helper-protocol=squid-2.5-ntlmssp \
   --domain=DINTERNAL
# Number of helper processes started for this scheme.
auth_param ntlm children 10
# With keep_alive off the connection is closed after the initial challenge.
auth_param ntlm keep_alive off

### LDAP
# Basic scheme: squid_ldap_auth binds to dc.domain.internal as
# user@domain.internal (password read from /etc/squid/ldappass.txt), searches
# below dc=DOMAIN,dc=INTERNAL for sAMAccountName=<login> and verifies the
# password the client supplied. -R turns off referral chasing.
# NOTE(review): no TLS option is given, so the bind password and every user's
# password presumably travel to the domain controller unencrypted; consider
# the helper's TLS support (-Z, or an ldaps:// URI via -H) - confirm what the
# installed helper version offers.
# NOTE(review): with Basic authentication the browser sends the password with
# every request, only base64-encoded; treat the client-to-proxy network as
# exposed unless that hop is protected.
# NOTE(review): ldappass.txt holds a domain credential in clear text; make it
# readable only by the account Squid runs as, and use a dedicated,
# low-privileged bind account.
auth_param basic \
   program /usr/lib/squid/squid_ldap_auth \
   -R -b "dc=DOMAIN,dc=INTERNAL" \
   -D user@domain.internal \
   -W /etc/squid/ldappass.txt \
   -f sAMAccountName=%s \
   -h dc.domain.internal
# Number of helper processes started for this scheme.
auth_param basic children 10
# Realm text presented to the user in the credentials prompt.
auth_param basic realm Internet Proxy
# How long a validated login/password pair is trusted before the helper is
# asked again.
auth_param basic credentialsttl 1 minute

### access list
# ACL "auth" matches requests that carry valid proxy credentials for any user.
acl auth proxy_auth REQUIRED

### enforce client authentication
# http_access rules are evaluated in order: requests without valid credentials
# are denied first (the client is asked to authenticate), authenticated
# requests are then allowed.
http_access deny !auth
http_access allow auth
# NOTE(review): "allow auth" lets every authenticated user reach any
# destination. Restrictions from the rest of squid.conf (for example port or
# CONNECT limits) only take effect if they are placed before this line, and a
# final "http_access deny all" should still follow - confirm against the full
# file.

Spuštění služeb:

# Enable winbind and smb at boot and start them right away, winbind first.
for svc in winbind smb; do
  /sbin/chkconfig "$svc" on
  /sbin/service "$svc" start
done
