Squid Compilation + Configuration

Website: http://www.squid-cache.org
Version Used: 2.5-STABLE7
Download: http://www.squid-cache.org/Versions/v2/2.5/
Provides: Proxy server for fetching, caching and delivering web content

Squid is the system within the S4 that actually handles all requests for content on the Internet. It fetches, caches, and displays the content requested, or if the content is already held within the cache, loads it from the cached copy. You can configure Squid to pre-fetch content, making sure certain websites will be available even if the Internet connection is lost.

With Samba working, we can move on to configuring Squid. After un-tarring the sources, you start compiling Squid with a few extra parameters. These parameters make sure Squid is built with certain authentication helpers, which are used in conjunction with Samba to provide seamless and transparent authentication of our users.

./configure \
--enable-auth="ntlm,basic" \
--enable-basic-auth-helpers="winbind" \
--enable-ntlm-auth-helpers="winbind"
make
su
make install

The build should complete without any problems. In order to test the authentication helpers, we can enter the following:

/usr/local/squid/libexec/wb_auth -d

This will look like it is not doing anything, although it presents you with a new line, at which point you type:

SCHOOL+student password

The parameters in the above authentication string should be edited accordingly:

  • “SCHOOL” is your workgroup
  • “student” is the name of a valid network user
  • “password” is the associated password

This should return a success status, meaning the authentication helpers are correct. If an error is returned, double-check your workgroup, username and password, and make sure your Samba domain checks passed correctly in the previous section. Do not continue configuring Squid until the authentication tests work!

The ‘squid.conf’ file is located in ‘/usr/local/squid/etc/’ and needs to be amended with the required settings. This configuration file is quite large and contains many lines of comments for each parameter. Work your way through it until you find the required section and enter the required parameters. The parameters that need changing are:

http_port 127.0.0.1:3127
http_port 3128

icp_port 3130

cache_peer 127.0.0.1 parent 3120 3130 proxy-only no-netdb-exchange no-query login=*:password

auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 20
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 20
auth_param basic realm S4 Security Server
auth_param basic credentialsttl 1 hour

acl local_proxy src 127.0.0.1
http_access allow local_proxy
acl Authorized_Users proxy_auth REQUIRED
http_access allow all Authorized_Users

cache_effective_user squid

forwarded_for on

Each parameter must be set exactly as specified, especially the “auth_param” section and the “acl” sections. There are many other parameters that can be adjusted within the squid.conf file; the main ones you may wish to look at relate to cache size, file size limits, etc., but it is recommended that all other changes are left until you have the S4 fully installed + configured before adjusting minor settings.
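Because the “acl” and “http_access” lines decide who may use the proxy, it is worth checking them after editing. The following is an added example, not part of the original S4 documentation: it reads a squid.conf on standard input and reports any “http_access allow” rule that is tied neither to a proxy_auth ACL nor to a loopback-only src ACL. The function names and the two sample configurations are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit http_access rules.
# Reads a squid.conf on stdin; prints every "http_access allow" rule that is
# neither tied to a proxy_auth ACL nor to a loopback-only src ACL.
# Exit status: 0 = every allow rule is gated, 1 = at least one open rule.
audit_http_access() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        $1 == "acl" && $3 == "proxy_auth" { gated[$2] = 1 }
        $1 == "acl" && $3 == "src" {
            for (i = 4; i <= NF; i++)               # any non-loopback source widens the ACL
                if ($i !~ /^127\.0\.0\.1(\/32|\/255\.255\.255\.255)?$/) wide[$2] = 1
            if ($2 in wide) delete gated[$2]; else gated[$2] = 1
        }
        $1 == "http_access" && $2 == "allow" {
            ok = 0
            for (i = 3; i <= NF; i++) if ($i in gated) ok = 1   # "!name" never matches
            if (!ok) { print "OPEN: line " NR ": " $0; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# The ACL section from this page, plus the stock "all" ACL (constructed sample input).
sample_page_conf() {
    cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl local_proxy src 127.0.0.1
http_access allow local_proxy
acl Authorized_Users proxy_auth REQUIRED
http_access allow all Authorized_Users
EOF
}

# Constructed mistake: a leftover allow rule ahead of the authenticated one.
sample_open_conf() {
    cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl local_proxy src 127.0.0.1
http_access allow local_proxy
http_access allow all   # lets every client through unauthenticated
acl Authorized_Users proxy_auth REQUIRED
http_access allow all Authorized_Users
EOF
}

sample_page_conf | audit_http_access && echo "page config: all allow rules gated"
sample_open_conf | audit_http_access || echo "modified config: open rule found"
```

To check a real installation, run the function with its input redirected from /usr/local/squid/etc/squid.conf.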

Finally, a separate user should be created and ownership changed on two directories by executing the following commands:

useradd squid
passwd squid
chown squid /usr/local/squid/var/
chown squid /usr/local/squid/var/logs/

Next Step: DansGuardian Installation + Configuration


About Me

Iain Foulds, 33 years old. Originally from England, now living in Seattle. I currently work as a Senior Content Developer for Microsoft writing about Azure VMs. Gamer. Very passionate about photography. Comments and opinions expressed here are my own.
