
Setting up Squid with NTLM Authentication on CentOS 7



  • Networking is configured.
  • EPEL 7 repo is installed.
  • All packages are up to date as of 2014-08-29.
  • Server has an entry with the domain DNS server.

Install the squid, realmd, and winbind packages:

yum install squid realmd samba-winbind samba-winbind-clients

Join the domain and test that you can authenticate with the domain controller.

realm join --client-software=winbind --user=admin --verbose domain.example.com
getent passwd admin@domain.example.com

If getent returns nothing, something went wrong.

Add the following to the top of /etc/squid/squid.conf:

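# Hand NTLM negotiation to Samba's ntlm_auth helper (talks to winbind)
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm keep_alive on

auth_param basic credentialsttl 2 hours

# REQUIRED matches any user who authenticates successfully
acl ad_auth proxy_auth REQUIRED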

And be sure to make the necessary access rule changes:

http_access allow ad_auth

Make sure the squid service is enabled, (re)start it, and add the necessary firewall rules:

systemctl enable squid.service
systemctl restart squid.service
firewall-cmd --zone=public --add-port=3128/tcp --permanent
firewall-cmd --reload

You can now test squid, and observe the log output via:

tail -f /var/log/squid/access.log
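
The access rule step above matters because Squid applies the first matching http_access rule, so an earlier allow rule that omits the auth ACL lets clients through without authenticating. The check below is an added example, not part of the original post; the function name and both sample configurations are constructed for illustration.

```python
def audit_http_access(conf_text):
    """Return [(line_no, message)] for http_access rules that bypass proxy auth.

    Squid evaluates http_access top-down; the first matching rule decides, and
    all ACLs named on one line must match (logical AND).
    """
    auth_acls, rules = set(), []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments (simplified)
        if len(fields) >= 3 and fields[0] == "acl" and fields[2] == "proxy_auth":
            auth_acls.add(fields[1])
        elif len(fields) >= 3 and fields[0] == "http_access":
            rules.append((no, fields[1], fields[2:]))

    findings, reachable, auth_allow_seen = [], True, False
    for no, action, acls in rules:
        uses_auth = bool(auth_acls & set(acls))
        if not reachable:
            if action == "allow" and uses_auth:
                findings.append((no, "auth rule is after 'deny all' and never evaluated"))
        elif action == "deny" and acls == ["all"]:
            reachable = False
        elif action == "allow" and uses_auth:
            auth_allow_seen = True
        elif action == "allow":
            findings.append((no, "allows '%s' without proxy authentication" % " ".join(acls)))
    if not auth_allow_seen:
        findings.append((0, "no reachable allow rule requires a proxy_auth ACL"))
    return findings


# Constructed sample: default-style allow rules kept, auth rule appended at the end.
WEAK = """\
acl ad_auth proxy_auth REQUIRED
acl localnet src 10.0.0.0/8
http_access allow localnet
http_access allow localhost
http_access deny all
http_access allow ad_auth
"""

# Constructed sample: the source-based allow now also requires authentication.
FIXED = """\
acl ad_auth proxy_auth REQUIRED
acl localnet src 10.0.0.0/8
http_access allow localnet ad_auth
http_access deny all
"""

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, audit_http_access(conf) or "no findings")
```

Findings reported with line number 0 apply to the file as a whole rather than to a single rule.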

Basic Network Configuration for CentOS 6.8






domain example.com
search example.com

/etc/hosts: dc1.example.com dc2.example.com

Restart the network service.


server ntp1.example.com
server ntp2.example.com

Start the ntpd service and enable it with chkconfig.