…Details…

Icon

Thoughts that's escape, only details.

Squid – Radius auth

In this example a squid installation will use RADIUS “squid_radius_auth” Squid RADIUS authentication helper to authenticate users.

Get last version of squid radius auth helper at:
http://www.squid-cache.org/contrib/squid_radius_auth/

Download:

[leo@srv01 leo]# wget http://www.squid-cache.org/contrib/squid_radius_auth/squid_radius_auth-1.10.tar.gz

Extract:

[leo@srv01 leo]# tar -xvf squid_radius_auth-1.10.tar.gz

Go to directory:

[leo@srv01 leo]# cd squid_radius_auth-1.10

Compile:

[leo@srv01 squid_radius_auth-1.10]# make
gcc -O2 -Wall -g -c -o squid_rad_auth.o squid_rad_auth.c
gcc -O2 -Wall -g -c md5.c
gcc -O2 -Wall -g -c util.c
gcc -g -o squid_radius_auth squid_rad_auth.o md5.o util.o

Now the installation, for my needs, I wanna keep binary into /usr/lib/squid/ and configuration file into /etc/squid/ and I don’t wanna take man files then edit Make.inc like this:

BINDIR = /usr/lib/squid
CONFDIR = /etc/squid

install: squid_radius_auth
mkdir -p $(BINDIR)
install -m 755 -s squid_radius_auth $(BINDIR)/squid_radius_auth
# mkdir -p $(DESTDIR)$(MANDIR)
# install -m 755 squid_radius_auth.8 $(DESTDIR)$(MANDIR)/squid_radius_auth$(MANEXT)
mkdir -p $(CONFDIR)
install -m 644 etc/squid_radius_auth.conf $(CONFDIR)/squid_radius_auth.conf.default
if ! test -f $(CONFDIR)/squid_radius_auth.conf; then \
cp -p $(CONFDIR)/squid_radius_auth.conf.default $(CONFDIR)/squid_radius_auth.conf; \
fi

Edit config file /etc/squid/squid_radius_auth.conf here my example:

server 10.255.X.X
secret XXXXXXXX
port 1645

Now you can test the helper, execute and then type your radius username/password on the same line separated with space, on successful authentication it will give “OK” otherwise “ERR login failure”

[leo@srv01 leo]# /usr/lib/squid/squid_radius_auth -f /etc/squid/squid_radius_auth.conf
leo xxxx
OK

Now you can made change to “squid.conf”

# TAG: auth_param
auth_param basic program /usr/lib/squid/squid_radius_auth -f /etc/squid/squid_radius_auth.conf
auth_param basic children 5
auth_param basic realm Wide-NET-Proxy
auth_param basic credentialsttl 5 minute
auth_param basic casesensitive on

# TAG: acl
acl radius-auth proxy_auth REQUIRED

# TAG: http_access
http_access allow localhost
http_access allow radius-auth
http_access deny all

Category: Daemon

Tagged: , ,

Leave a Reply

You must be logged in to post a comment.

Archive