Setting up Squid with NTLM Authentication on CentOS 7



Assumptions:

  • Networking is configured.
  • EPEL 7 repo is installed.
  • All packages are up to date as of 2014-08-29.
  • Server has an entry with the domain DNS server.

Install the squid, realmd, and winbind packages:

yum install squid realmd samba-winbind samba-winbind-clients

Join the domain and test that you can authenticate with the domain controller.

realm join --client-software=winbind --user=admin --verbose domain.example.com
getent passwd admin@domain.example.com

If getent returns nothing, the domain join or the winbind lookup failed; fix that before configuring Squid.

Add the following to the top of /etc/squid/squid.conf:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm keep_alive on

auth_param basic credentialsttl 2 hours

acl ad_auth proxy_auth REQUIRED

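Then make the necessary access rule changes. Squid evaluates http_access rules in order and stops at the first match, so this rule must come before the final "http_access deny all" and before any broader allow rule (such as "http_access allow localnet") that would otherwise let clients through without authenticating: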

http_access allow ad_auth

Make sure the squid service is enabled, (re)start it, and make the necessary firewall rules:

systemctl enable squid.service
systemctl restart squid.service
firewall-cmd --zone=public --add-port=3128/tcp --permanent
firewall-cmd --reload

You can now test squid, and observe the log output via:

tail -f /var/log/squid/access.log
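
To confirm from the log that authentication is actually being enforced, the script below flags requests that Squid served without a user name, which is what a misplaced http_access rule looks like in access.log. It is an added example, not part of the original instructions; it assumes Squid's default native log format, and the function names, script name and sample lines are constructed.

```shell
#!/bin/sh
# Added example. Assumes Squid's default native access.log format:
#   time elapsed client result/status bytes method URL user hier/peer type
# Field 4 is the result code and HTTP status, field 8 the authenticated
# user ("-" when the request carried no accepted credentials).

# unauthenticated_hits FILE
# Prints "client method url result" for every request that Squid did not
# refuse yet logged without a user name.
unauthenticated_hits() {
    awk '
        NF >= 10 {
            split($4, r, "/")           # r[1] = TCP_MISS, r[2] = 200
            if ($8 != "-") next         # authenticated request
            if (r[2] == "407") next     # NTLM challenge round trip, expected
            if (r[1] ~ /DENIED/) next   # refused by an ACL
            print $3, $6, $7, $4
        }
    ' "$1"
}

# check_auth_enforced FILE
# Returns 0 when every served request has a user name, 1 otherwise
# (offending lines go to stderr), so it can gate a cron job or a deploy.
check_auth_enforced() {
    hits=$(unauthenticated_hits "$1")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" >&2
    return 1
}

# Constructed sample lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
1409300000.101      0 192.0.2.10 TCP_DENIED/407 4012 GET http://example.com/ - HIER_NONE/- text/html
1409300000.140      1 192.0.2.10 TCP_DENIED/407 4290 GET http://example.com/ - HIER_NONE/- text/html
1409300000.352    210 192.0.2.10 TCP_MISS/200 1520 GET http://example.com/ admin HIER_DIRECT/198.51.100.7 text/html
1409300005.010    180 192.0.2.22 TCP_MISS/200 1520 GET http://example.com/ - HIER_DIRECT/198.51.100.7 text/html
1409300009.500      0 192.0.2.30 TCP_DENIED/403 3900 GET http://example.net/ - HIER_NONE/- text/html
EOF
}

# Hypothetical script name:  sh check_auth.sh /var/log/squid/access.log
if [ -n "${1:-}" ]; then
    check_auth_enforced "$1" && echo "all served requests were authenticated"
fi
```

In the sample, the two 407 lines followed by a 200 with a user name are a normal NTLM handshake; the 200 from 192.0.2.22 with "-" in the user field is the line that gets flagged.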