20 March 2017

Configure Squid Proxy with LDAP Auth | Active Directory

Recently a client of mine asked if we could implement a proxy server which forced each user to authenticate with their AD credentials.  They currently had a rather cut-down Squid server running in their environment and it was logging traffic, but there was no way to work out which users were browsing the most.  There was IP tracking, but when using a hot-desk situation, no user had a specific machine.

The following steps are what I've done to get this up and running where it forces each user to authenticate against AD, and denies all access if they don't authenticate correctly.

Assumptions: you've already got a working copy of Linux up and running in your virtual environment.  In this case, I was using Ubuntu 16.04.
The other assumption is that you have installed the LDAP role within Server Manager within your AD environment.

1. Download/Install Squid
sudo apt-get install squid
This will install Squid onto the Linux machine.  

2. Open ldap.conf which can be found at /etc/ldap/ldap.conf
3. Set BASE to your domain (in my case it's test.internal, as I've blogged this within a test environment).  I've updated the URI section too; however, it's hashed out and not needed.
4. Edit squid.conf which can be found here: /etc/squid/squid.conf
5. Search for the following section, auth_param basic program, then enter the following details:
Note: most of this will already be there, you will just need to un-hash it.  The IP address used is the DC.  The blurred out section is the password I have used for the Administrator account which is mentioned within this section.
Also note that the credentialsttl will be how long a user can be logged in for before they're prompted again.  For testing purposes I set it to 15 minutes, you could set this to 2 hours.
6. Within the same document, search for acl safe_ports and then add the highlighted section below:
7. In the same document, search for http_access allow localhost, then add the highlighted section underneath it
8. Search for cache_dir ufs and then un-hash that section
9. Update the proxy settings within your environment to point to the Squid server on port 3128.  When you try to access a website, you should be greeted with the following message:


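An added example, not the author's own configuration: a squid.conf fragment of the kind steps 5 to 7 describe, with the inline-password form next to a hardened one. The DC hostname dc01.test.internal, the address 192.0.2.10, the svc-squid bind account, the secret-file path and the ACL name ldap_users are all assumptions.

```conf
# Step 5: Basic auth through Squid's LDAP helper (helper path as packaged on Ubuntu 16.04).

# Form described in the post: bind as Administrator with the password inline (-w).
# squid.conf is usually world-readable and helper arguments show up in the process
# list, so this exposes the Administrator password to every local user.
#auth_param basic program /usr/lib/squid/basic_ldap_auth -R -b "dc=test,dc=internal" -D "Administrator@test.internal" -w "<password>" -f "sAMAccountName=%s" -h 192.0.2.10

# Hardened variant (assumed names):
#   -D  a dedicated, unprivileged bind account that can only read the directory
#   -W  read the bind password from a file (chown root:proxy, chmod 640)
#   -H  LDAPS URI, so the bind and user passwords are not sent to the DC in clear;
#       the DC's CA certificate must be trusted via TLS_CACERT in /etc/ldap/ldap.conf
auth_param basic program /usr/lib/squid/basic_ldap_auth -R -b "dc=test,dc=internal" -D "svc-squid@test.internal" -W /etc/squid/ldap_bind.secret -f "sAMAccountName=%s" -H ldaps://dc01.test.internal
auth_param basic children 5
auth_param basic realm Proxy login
auth_param basic credentialsttl 15 minutes

# Step 6: ACL that matches any user who authenticated successfully.
acl ldap_users proxy_auth REQUIRED

# Step 7: goes directly under the existing "http_access allow localhost".
http_access allow ldap_users
# Already present in the default file; everything unauthenticated is refused.
http_access deny all
```

Basic proxy authentication sends the AD password base64-encoded on each request to port 3128, so the client-to-proxy leg should stay on a trusted network segment. After editing, `sudo squid -k parse` checks the file for syntax errors before the service is restarted.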

Install reporting tool for tracking user's browsing
In order to track the user's browsing, you will need to get Webmin, and also SARG.  These work together to allow you to make nice little reports which will show where users have been going and how much data they're using etc.

The following tasks will be completed within the Terminal
1. sudo nano /etc/apt/sources.list
2. Add the following two lines to the document you've just opened up
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
3. Save the document and close out of it
4. sudo wget http://www.webmin.com/jcameron-key.asc
5. sudo apt-key add jcameron-key.asc
6. sudo apt-get update
7. sudo apt-get install webmin -y
8. sudo ufw allow 10000

This will then allow you to access the Webmin web portal on https://localhost:10000
Log in with your administrator (local admin) credentials

Click on un-used modules then find Squid Proxy
You will most likely see a message saying it wasn't able to find squid.  This will be because it's looking for /squid3/ rather than just /squid/.  You will need to edit the config and change squid3 to just squid everywhere you see it.



In order to use the Squid Report Generator, you will need to install SARG.  To do this, open Terminal and type the following:

sudo apt-get install sarg

Then you can click on Squid Report Generator within Webmin and be able to run reports on usage etc.
