[FUG-BR] Squid_Ldap_Auth + Squid 3.1.3 + FreeBSD 8.0

-- mprota em bsd.com.br
Sábado Junho 19 21:32:29 BRT 2010


Dá uma pesquisada sobre ntlm_auth, winbind, single sign on. Acredito que vá
resolver o seu problema.

Em 18 de junho de 2010 15:52, eduwutzl em gmail.com <eduwutzl em gmail.com>escreveu:

> Boa tarde.....
>
> Estou tentando implementar squid_ldap_auth que autentica em um servidor
> Windows 2003 server.
>
> Ate ai, tudo bem, esta funcionando a autenticacao LDAP, porem, eu preciso
> deixar a autenticacao para usuarios que usam Windows XP autenticado no
> dominio, quando abrirem o browser, que a autenticacao seja automatica ou
> seja, transparente.
> O Browser fica solicitando usuario e senha, se eu colocar um usuario do meu
> AD e sua senha, funciona, mas eu preciso que seja feito automaticamente.
>
> Existe alguma maneira?
>
> Abaixo meu squid.conf
>
> #########
> # AUTENTICACAO
> #
> auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -R -b
> "dc=domain,dc=com" -D "cn=proxy_user,ou=internet,dc=domain,dc=com" -w
> "domain em 123mudar" -f sAMAccountName=%s -h 192.168.0.1
> auth_param basic transparent Insira seu Usuario e Senha da Rede!!!
> auth_param basic children 5
> auth_param basic credentialsttl 15 minutes
> #########
> #########
> ##
> acl password proxy_auth REQUIRED
> ##
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl localhost src ::1/128
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> acl to_localhost dst ::1/128
>
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl localnet src fc00::/7   # RFC 4193 local private network range
> acl localnet src fe80::/10  # RFC 4291 link-local (directly plugged)
> machines
>
> acl SSL_ports port 443
> acl Safe_ports port 80 8443 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 8443 # PLESK
> acl CONNECT method CONNECT
>
>
> ##
> #
> external_acl_type ldap_group %LOGIN
> /usr/local/libexec/squid/squid_ldap_group -R -b "dc=dominio,dc=com" -D
> "cn=proxy_user,ou=internet,dc=domain,dc=com" -w "domain em 123mudar" -f
>
> "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=internet,dc=domain,dc=com))"
> -h 192.168.0.1
> acl ldapAcessoPadrao external ldap_group AcessoPadrao
> #########
>
> acl ips_liberados src "/usr/local/etc/squid/SECURITY/ips_liberados.txt"
> acl sites_liberados dstdomain -i
> "/usr/local/etc/squid/SECURITY/sites_liberados.txt"
> acl palavras_proibidas url_regex
> "/usr/local/etc/squid/SECURITY/palavras_proibidas.txt"
> acl extencoes_proibidas url_regex -i
> "/usr/local/etc/squid/SECURITY/extencoes_proibidas.txt"
> acl sites_proibidos dstdomain
> "/usr/local/etc/squid/SECURITY/sites_proibidos.txt"
>
>
> #########
> http_access allow ips_liberados
> http_access allow sites_liberados
> http_access deny palavras_proibidas
> http_access deny extencoes_proibidas
> http_access deny sites_proibidos
>
> http_access allow ldapAcessoPadrao
>
> ##########
> http_access allow manager localhost
> http_access deny manager
> http_access allow Safe_ports
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localnet
> http_access allow localhost
> ##
> http_access allow password
> ##
> http_access deny all
>
> ##
> http_port 3128
> hierarchy_stoplist cgi-bin ?
>
> ##
> cache_mem 512 MB
> maximum_object_size_in_memory 10240 KB
> memory_replacement_policy lru
> cache_replacement_policy lru
> cache_dir ufs /tank/squid/cache 102400 16 256
> max_open_disk_fds 0
> minimum_object_size 0 KB
> maximum_object_size 1024000 KB
> cache_swap_low 90
> cache_swap_high 95
>
> ##
> log_fqdn on
> #logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh
> access_log /tank/squid/logs/access.log squid
> cache_store_log /tank/squid/logs/store.log
> cache_log /tank/squid/logs/cache.log
> coredump_dir /var/squid/cache
>
> diskd_program /usr/local/libexec/squid/diskd
> unlinkd_program /usr/local/libexec/squid/unlinkd
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
>
> visible_hostname omegared
> dns_nameservers 192.168.0.1
>
>
>
>
> =======================
> Eduardo Wutzl
> Tecnólogo
> eduwutzl em gmail.com
> -
> 11-7892-7580
> Nextel ID: 100*116975
> =======================
> -------------------------
> Histórico: http://www.fug.com.br/historico/html/freebsd/
> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>


Mais detalhes sobre a lista de discussão freebsd