November 24, 2024, 09:25:09 AM

News : LinuxSolved.com Linux Help Community Forum..


Author Topic: Squid PAM authentication and LDAP  (Read 5127 times)

Offline redmat

  • New Member
  • Posts: 1
Squid PAM authentication and LDAP
« on: August 13, 2004, 09:52:14 PM »
Greetings Folks,

This is my first post in this forum. I was not at all a linux guy but due to some circumstances at work (sys admin being not available), I am faced with a problem that require me to seek expert help.

We have a dedicated squid proxy server running on SuSe Linux 8.0. Now according to my limited knowledge this machine is completely different from the file server (running SuSe as well) we have. Therefore, the network users (those having accounts to logon to the network) are different than those who have accounts to access the internet through proxy. Basically, any user who has been added to the squid database is allowed to access the internet.

The problem I am faced with is that we are going to replace the Squid box with a hardware based proxy/cache engine solution which doesn't have any built-in authentication mechanism. While in place this new box will have to pass the authentication requests to some kind of an existing authentication server. Now with my extremely limited knowledge I was able to find that the squid is configured to use PAM authentication mechanism. While on the other hand, the new box supports RADIUS, TACACS+, LDAP, and NTLM. In an effort to dig deeper into this I found out that RADIUS and TACACS+ would require a completely different setup with some new hardware while NTLM is a non-linux solution. LDAP is the only choice I am left with that seem to be the feasible solution (due to limited time and resources) by making some changes to the existing squid proxy SuSe box (and disabling the squid proxy services on the existing box after the installation of new proxy device, making the existing box to serve as the authentication server).

After reading about LDAP, it came to my knowledge that it is a directory server technology that allows the username and passwords to be stored on a centralized location. AND that it uses PAM for user authentication. Now thats what confuses me. LDAP also uses PAM and running Squid is also using PAM. With default SuSe installation on the existing proxy server, I don't think there is LDAP installed and configured to use PAM to authenticate internet users. I do know that, whenever a new user required access to the internet, she was added to the squid's user database and not to any LDAP database.

Can anyone of you fine folks here help me verify that if there is any LDAP service running on the existing proxy server. And IF LDAP is NOT installed then what would be the best way to achieve the solution to this problem? How can I install LDAP on the existing proxy server and make the existing squid user database integrate with it? The LDAP parameters required by the new proxy device are cn=, dc=, ou=, and Search group. What would be the best possible way to make the existing proxy box serve as the authentication server (and not proxy) with LDAP, for the new proxy device.

Any help in this reqard is highly appreciated.

Thank you for your cooperation.

Kind Regards,
-redmat