Squid is the system within the S4 that actually handles all requests for content on the Internet. It fetches, caches, and displays the content requested, or if the content is already held within the cache, loads it from the cached copy. You can configure Squid to pre-fetch content, making sure certain websites will be available even if the Internet conection is lost.
With Samba working, we can move on to configuring Squid. After un-tarring the sources, you start compiling Squid with a few extra parameters. These parameters tell Squid to make sure it will have certain authentication helpers available, which are used inconjunction with Samba to provide seamless and transparent authentication of our users.
The build should go complete without any problems. In order to test the authentication helpers, we can enter the following:
which should look like it’s nothing doing anything although present you a new line, at which point you type:
The parameters in the above authenticatoin string should be edited accordingly:
- “SCHOOL” is your workgroup
- “student” is the name of a valid network user
- “password” is the associated password
This should return a success status, meaning the authentication helpers are correct. If you have an error returned, check back of you workgroup, username and password, and make sure your Samba domain checks passed correctly in the previous section. Do not continue configuring Squid until the authentication tests work!
The ‘squid.conf‘ file is located in ‘/usr/local/squid/etc/‘ and needs to be ammended with the required settings. This configuration file is quite large and contains many lines of comments for one parameter. Work your way through it until you find the required section and enter the required parameters. The parameters that need changing are:
cache_peer 127.0.0.1 parent 3120 3130 proxy-only no-netdb-exchange no-query login=*:password
auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 20
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic /usr/local/squid/libexec/wb_auth
auth_param basic children 20
auth_param realm S4 Security Server
auth_param basic credentialsttl 1 hour
acl local_proxy src 127.0.0.1
http_access allow local_proxy
acl Authorized_Users proxy_auth REQUIRED
http_access allow all Authorized_Users
Each paramter must be set exactly as specified, especially the “auth_param” section and the “acl” sections. There are many other parameters that can be adjusted within the squid.conf section, the main ones you may wish to look at relate to cache size, file size limits, etc., but it is recommended all other changes are left until you have the S4 fully installed + configured before adjusting minor settings.
Finally, a separate used should be created and permissions changed on two directories by executing the following commands:
chown squid /usr/local/squid/var/
chown squid /usr/local/squid/var/logs/
Next Step: DansGuardian Installation + Configuration