Tag Archives: CentOS

Setting up Squid with NTLM Authentication on CentOS 7

(Work-in-progress)

Assumptions:

  • Networking is configured.
  • EPEL 7 repo is installed.
  • All packages are up to date as of 2014-08-29.
  • The server has a DNS record on the domain's DNS server.

Install squid, realm, and winbind packages:

yum install squid realmd samba-winbind samba-winbind-clients

Join the domain and test that you can authenticate with the domain controller.

realm join --client-software=winbind --user=admin --verbose domain.example.com
getent passwd admin@domain.example.com

If getent returns nothing, the domain join or the winbind lookup failed; fix that before going any further.

Add the following to the top of /etc/squid/squid.conf:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm keep_alive on

auth_param basic credentialsttl 2 hours

acl ad_auth proxy_auth REQUIRE

Then add an http_access rule for that ACL (Squid evaluates http_access rules in order, so it must appear before any deny-all rule):

http_access allow ad_auth

Make sure the squid service is enabled, (re)start it, and open the proxy port in the firewall:

systemctl enable squid.service
systemctl restart squid.service
firewall-cmd --zone=public --add-port=3128/tcp --permanent
firewall-cmd --reload

You can now point a client at the proxy and watch the access log as requests come in:

tail -f /var/log/squid/access.log
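Reading the raw log while clients connect gets noisy, because every NTLM handshake starts with one or more TCP_DENIED/407 challenges before the request is finally served under a user name. The helper below is an added example, not part of the original post: it summarises a Squid native-format access.log per client (challenges vs. authenticated requests) and lists clients that are challenged but never complete a request as an authenticated user, which is the pattern you see when the handshake, the domain join or the helper is broken. The sample log lines and their addresses are constructed for the example.

```shell
#!/bin/sh
# Summarise NTLM authentication outcomes from a Squid native-format access.log.
# Added example; the log lines below are constructed, not real traffic.

# Constructed sample in Squid's native log format. Fields:
# time elapsed client code/status bytes method URL user hierarchy type
SAMPLE_LOG="${TMPDIR:-/tmp}/squid_sample_access.log"
cat > "$SAMPLE_LOG" <<'EOF'
1409308800.100     0 192.168.1.50 TCP_DENIED/407 3612 GET http://example.com/ - HIER_NONE/- text/html
1409308800.150     0 192.168.1.50 TCP_DENIED/407 3612 GET http://example.com/ - HIER_NONE/- text/html
1409308800.300   120 192.168.1.50 TCP_MISS/200 15234 GET http://example.com/ DOMAIN\jdoe HIER_DIRECT/93.184.216.34 text/html
1409308801.000     0 192.168.1.77 TCP_DENIED/407 3612 GET http://example.com/ - HIER_NONE/- text/html
1409308801.200     0 192.168.1.77 TCP_DENIED/407 3612 GET http://example.com/ - HIER_NONE/- text/html
1409308801.400     0 192.168.1.77 TCP_DENIED/407 3612 GET http://example.com/ - HIER_NONE/- text/html
EOF

# Print one line per client: "<client> <407 challenges> <authenticated requests>".
# A request counts as authenticated when the user field (column 8) is not "-".
squid_auth_summary() {
    awk '{
        split($4, cs, "/"); status = cs[2]
        if (status == "407") chal[$3]++
        else if ($8 != "-") ok[$3]++
        seen[$3] = 1
    }
    END {
        for (c in seen) printf "%s %d %d\n", c, chal[c]+0, ok[c]+0
    }' "$1" | sort
}

# Clients that were challenged but never got a request served under a user name.
# Some 407s per client are normal for NTLM; a client stuck at 407 is not.
squid_auth_failing_clients() {
    squid_auth_summary "$1" | awk '$2 > 0 && $3 == 0 { print $1 }'
}

# Usage against the constructed sample (point it at /var/log/squid/access.log
# on a real proxy):
squid_auth_summary "$SAMPLE_LOG"
echo "clients never authenticating:"
squid_auth_failing_clients "$SAMPLE_LOG"
```

On the sample, 192.168.1.50 shows two challenges followed by an authenticated request (a normal handshake), while 192.168.1.77 only ever receives 407s and is reported as failing. Run it periodically rather than once: a sudden jump in never-authenticating clients after a password change or a re-join of the domain usually means the winbind trust, not the clients, is what broke.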

Basic Network Configuration for CentOS 6.8

/etc/sysconfig/network-scripts/ifcfg-eth0:

ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.12
NETMASK=255.255.255.0

/etc/sysconfig/network:

HOSTNAME=centos.example.com
GATEWAY=192.168.1.1

/etc/resolv.conf:

domain example.com
search example.com
nameserver 8.8.8.8
nameserver 192.168.1.10

/etc/hosts:

192.168.1.10 dc1.example.com
192.168.1.11 dc2.example.com

Restart the network service.

/etc/ntp.conf:

server ntp1.example.com
server ntp2.example.com

Start the ntpd service and enable it at boot with chkconfig.