[FUG-BR] Squid_Ldap_Auth + Squid 3.1.3 + FreeBSD 8.0

eduwutzl em gmail.com eduwutzl em gmail.com
Sexta Junho 18 15:52:51 BRT 2010


Boa tarde.....

Estou tentando implementar squid_ldap_auth que autentica em um servidor
Windows 2003 server.

Ate ai, tudo bem, esta funcionando a autenticacao LDAP, porem, eu preciso
deixar a autenticacao para usuarios que usam Windows XP autenticado no
dominio, quando abrirem o browser, que a autenticacao seja automatica ou
seja, transparente.
O Browser fica solicitando usuario e senha, se eu colocar um usuario do meu
AD e sua senha, funciona, mas eu preciso que seja feito automaticamente.

Existe alguma maneira?

Abaixo meu squid.conf

#########
# AUTHENTICATION
#
# NOTE(review): several directives below are split across two or three lines.
# squid.conf has no line-continuation syntax, so this is almost certainly
# mail-client wrapping; in the real file each directive is one line.
#
# The basic scheme always makes the browser prompt for credentials and sends
# them base64-encoded on every request; a silent login for domain-joined
# clients (the question in the post) is a property of the negotiate/ntlm
# schemes, not of basic -- see auth_param in squid.conf.documented for 3.1.
#
# -w passes the bind password on the helper's command line, so it is readable
# in the process list (and it is reproduced in this post). -h with no TLS
# option means the bind and the user password check travel over plain LDAP.
# If this helper build offers a password-file or StartTLS switch, prefer
# those -- check the helper's usage output rather than assuming.
auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -R -b
"dc=domain,dc=com" -D "cn=proxy_user,ou=internet,dc=domain,dc=com" -w
"domain em 123mudar" -f sAMAccountName=%s -h 192.168.0.1
# NOTE(review): "transparent" is not a basic-scheme parameter I recognise in
# Squid 3.1; the prompt text is normally given as `auth_param basic realm ...`.
# Confirm against squid.conf.documented and look for a parse warning in cache.log.
auth_param basic transparent Insira seu Usuario e Senha da Rede!!!
# 5 helper processes; each blocks on one LDAP lookup at a time.
auth_param basic children 5
# Accepted credentials are cached for 15 minutes before the helper is asked again.
auth_param basic credentialsttl 15 minutes
#########
#########
##
# Matches any request carrying credentials the helper has accepted.
acl password proxy_auth REQUIRED
##
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localhost src ::1/128
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl to_localhost dst ::1/128

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7   # RFC 4193 local private network range
acl localnet src fe80::/10  # RFC 4291 link-local (directly plugged)
# NOTE(review): the line below is the wrapped tail of the comment above; as a
# bare line Squid would read it as an unknown directive. Presumably absent
# from the real file -- verify.
machines

acl SSL_ports port 443
# Note 8443 is listed here and again below; harmless but redundant.
acl Safe_ports port 80 8443 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8443 # PLESK
acl CONNECT method CONNECT


##
#
# Group check: %LOGIN makes Squid demand credentials before this helper runs;
# %v is the authenticated user, %a the group name given on the acl line.
# NOTE(review): the search base here is "dc=dominio,dc=com" while the auth
# helper above uses "dc=domain,dc=com" -- one of the two is probably an
# anonymisation slip in the post, but confirm they agree in the real file.
# Same plaintext-password / plain-LDAP remarks as for squid_ldap_auth apply.
external_acl_type ldap_group %LOGIN
/usr/local/libexec/squid/squid_ldap_group -R -b "dc=dominio,dc=com" -D
"cn=proxy_user,ou=internet,dc=domain,dc=com" -w "domain em 123mudar" -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=internet,dc=domain,dc=com))"
-h 192.168.0.1
acl ldapAcessoPadrao external ldap_group AcessoPadrao
#########

# Policy lists read from files at startup/reconfigure. Because their contents
# decide who bypasses authentication and filtering (see http_access below),
# they should be writable only by whoever is allowed to change the policy.
acl ips_liberados src "/usr/local/etc/squid/SECURITY/ips_liberados.txt"
acl sites_liberados dstdomain -i
"/usr/local/etc/squid/SECURITY/sites_liberados.txt"
acl palavras_proibidas url_regex
"/usr/local/etc/squid/SECURITY/palavras_proibidas.txt"
acl extencoes_proibidas url_regex -i
"/usr/local/etc/squid/SECURITY/extencoes_proibidas.txt"
acl sites_proibidos dstdomain
"/usr/local/etc/squid/SECURITY/sites_proibidos.txt"


#########
# http_access is evaluated top-down, first match wins.
# These two allows come before every authentication and filtering rule, so a
# client in ips_liberados, or any request to a domain in sites_liberados,
# bypasses the whole policy below without credentials.
http_access allow ips_liberados
http_access allow sites_liberados
# Content denies apply to everyone not matched above, authenticated or not.
http_access deny palavras_proibidas
http_access deny extencoes_proibidas
http_access deny sites_proibidos

# First rule that forces a credential challenge (via %LOGIN). Allows members
# of AcessoPadrao; a non-member falls through to the rules below.
http_access allow ldapAcessoPadrao

##########
# NOTE(review): a localhost cache-manager request reaches this rule only after
# being challenged by the %LOGIN acl above (inferred from ordering) -- the
# stock config places the manager rules first.
http_access allow manager localhost
http_access deny manager
# NOTE(review): `allow Safe_ports` grants ANY request to a listed port once it
# gets this far, so an authenticated user who is NOT in AcessoPadrao is still
# allowed, and the `deny CONNECT !SSL_ports` rule below can never fire for a
# CONNECT to a port in Safe_ports (1025-65535 covers most of them). The stock
# config has only `http_access deny !Safe_ports` here.
http_access allow Safe_ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Any RFC1918 / link-local source is allowed here regardless of group
# membership, which also defeats the AcessoPadrao restriction for LAN clients.
http_access allow localnet
http_access allow localhost
##
# Any credential the LDAP helper accepted, whatever the user's groups.
http_access allow password
##
# Default deny; "all" is predefined in Squid 3.x.
http_access deny all

##
# Listens on every local address; bind an address if this host also has an
# interface reachable from outside the LAN.
http_port 3128
hierarchy_stoplist cgi-bin ?

##
cache_mem 512 MB
maximum_object_size_in_memory 10240 KB
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /tank/squid/cache 102400 16 256
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 1024000 KB
cache_swap_low 90
cache_swap_high 95

##
# Reverse-resolves client addresses for the log; the "squid" access_log format
# records the authenticated user name per request.
log_fqdn on
#logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh
access_log /tank/squid/logs/access.log squid
cache_store_log /tank/squid/logs/store.log
cache_log /tank/squid/logs/cache.log
coredump_dir /var/squid/cache

diskd_program /usr/local/libexec/squid/diskd
unlinkd_program /usr/local/libexec/squid/unlinkd

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320


visible_hostname omegared
# Same host as the LDAP server above.
dns_nameservers 192.168.0.1




=======================
Eduardo Wutzl
Tecnólogo
eduwutzl em gmail.com
-
11-7892-7580
Nextel ID: 100*116975
=======================

