配置文件如下:
-
# Squid accepts proxy clients on TCP port 8080.
http_port 8080
-
#auth ldap
-
# Basic proxy authentication, verified by the basic_ldap_auth helper:
#   -R       do not follow LDAP referrals
#   -b       base DN the user search starts from
#   -D / -w  DN and password the helper binds with before searching
#   -f       search filter; %s is replaced with the login name
#   -h       LDAP server to contact
# NOTE(review): the bind DN is the domain Administrator and its password is
# given inline with -w, so it is stored in squid.conf and appears in the
# helper's command line. A dedicated account with search-only rights, with its
# password read from a permission-restricted file via -W, limits what is
# exposed if this file or host is read by someone else.
# NOTE(review): neither -Z (TLS) nor an ldaps:// URI (-H) is used, so the bind
# and the users' AD passwords presumably reach 192.168.1.8 unencrypted -- confirm.
# NOTE(review): HTTP Basic sends the user name and password base64-encoded,
# not encrypted, between client and proxy; here those are AD credentials.
auth_param basic program /usr/local/squid/libexec/basic_ldap_auth -R -b "dc=test,dc=net" -D "cn=Administrator,cn=Users,dc=test,dc=net" -w "xxxx" -f sAMAccountName=%s -h 192.168.1.8
-
# 192.168.1.8 is the AD server; administrator and xxxx are that AD's user name and password
-
# Number of authentication helper processes Squid starts.
auth_param basic children 5
-
# Realm text shown to the user in the login prompt.
auth_param basic realm test.net
-
# How long Squid trusts a verified user name/password pair before asking the
# helper again.
auth_param basic credentialsttl 5 minutes
-
# "test" matches any request that carries valid proxy credentials.
acl test proxy_auth REQUIRED
-
# The only http_access rule shown: every authenticated user is allowed.
# NOTE(review): with no further rule, Squid applies the opposite of the last
# rule (deny) to everything else; an explicit "http_access deny all" after
# this line makes that intent visible and survives later edits.
http_access allow test
-
# NOTE(review): this ACL is defined but not referenced by any http_access rule
# in the lines shown, so CONNECT is not limited to specific ports here; the
# stock squid.conf restricts it with SSL_ports/Safe_ports ACLs -- confirm
# whether that is intended.
acl CONNECT method CONNECT
-
# Every requested URL is passed to squidGuard, using the given squidGuard.conf.
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
-
# On-disk cache: ufs storage, 1024 MB, 16 first-level and 256 second-level
# directories.
cache_dir ufs /usr/local/squid/var/cache/squid 1024 16 256
-
# Directory Squid changes to, so core dumps are written there.
coredump_dir /usr/local/squid/var/cache/squid
-
# Freshness rules: regex, minimum age (minutes), percent of object age,
# maximum age (minutes).
refresh_pattern ^ftp: 1440 20% 10080
-
refresh_pattern ^gopher: 1440 0% 1440
-
# Dynamic content (cgi-bin or a query string) is never considered fresh.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
-
refresh_pattern . 0 20% 4320
-
# Account and group Squid switches to after being started as root.
cache_effective_user squid
-
cache_effective_group squid
-
# Host name Squid reports in error pages and headers.
visible_hostname Firewall
如果要在squidGuard里启用LDAP认证,那squid里首先得启用LDAP认证.
squidGuard 里的 LDAP 查询语句按官方文档的示例写即可(删除了CN=...):
ldap://ldap.example.net/cn=administrator,ou=People,dc=example,dc=net?memberUid?sub(&(objectclass=posixGroup)(memberUid=%s))