In the previous article I set up Squid with a passwd file to hold its passwords. Now that I have FreeRADIUS running, I want to integrate Squid with FreeRADIUS so that I don't need to maintain the passwd file.
Luckily, the Squid build from optware was already compiled with the basic-auth-helper option, so all we need to do is compile our own RADIUS plugin.
Pre-requisites
- ipkg install make
- ipkg install gcc
Installation
- SSH to NAS as root
- cd /root
- Download the plugin source from the official Squid site
# wget http://www.squid-cache.org/contrib/squid_radius_auth/squid_radius_auth-1.10.tar.gz
- Unpack it
# tar xvzf squid_radius_auth-1.10.tar.gz
- Enter the source directory
# cd squid_radius_auth-1.10/
- Build the plugin by typing make (install make first if you have not already done so: ipkg install make)
# make
- The plugin squid_radius_auth binary will be created here
/root/squid_radius_auth-1.10/squid_radius_auth
- Move the plugin to a better directory
# mv /root/squid_radius_auth-1.10/squid_radius_auth /opt/libexec
- Edit squid configuration
# vi /opt/etc/squid/squid.conf
Comment out the ncsa_auth helper and add the RADIUS helper
#auth_param basic program /opt/libexec/ncsa_auth /opt/etc/passwd
auth_param basic program /opt/libexec/squid_radius_auth -f /opt/etc/squid/squid_radius_auth.conf
- Create the plugin configuration file
# vi /opt/etc/squid/squid_radius_auth.conf
Add the two lines below
server 127.0.0.1
secret sharedsecret
(Change sharedsecret to your RADIUS server's shared secret.)
- Restart Squid
# /opt/etc/init.d/S80squid stop
# /opt/etc/init.d/S80squid start
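To check the result of the steps above, the following shell functions lint the helper configuration file and push one test login through the helper using Squid's basic-auth helper protocol. This is an added example, not part of the original article or of squid_radius_auth; the function names `check_radius_conf` and `helper_accepts` and the sample values are assumptions made here.

```shell
#!/bin/sh
# Added example; function names and sample values are assumptions.

# Lint the helper config. Returns 0 if clean, 1 if anything was reported.
check_radius_conf() {
    conf=$1
    findings=0
    if [ ! -f "$conf" ]; then
        echo "MISSING: $conf"
        return 1
    fi
    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -ld "$conf" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "PERMS: $conf is open to other users ($other) and holds the shared secret"
        findings=1
    fi
    # Config lines are "key value"; keep the value of the last matching line.
    server=$(awk '$1 == "server" { v = $2 } END { print v }' "$conf")
    secret=$(awk '$1 == "secret" { v = $2 } END { print v }' "$conf")
    [ -n "$server" ] || { echo "CONFIG: no 'server' line"; findings=1; }
    if [ -z "$secret" ]; then
        echo "CONFIG: no 'secret' line"
        findings=1
    elif [ "$secret" = "sharedsecret" ]; then
        echo "CONFIG: secret is still the placeholder 'sharedsecret'"
        findings=1
    fi
    return $findings
}

# Squid basic-auth helper protocol: one "user password" line on stdin,
# one reply line on stdout starting with OK or ERR.
helper_accepts() {
    helper=$1 conf=$2 user=$3 pass=$4
    reply=$(printf '%s %s\n' "$user" "$pass" | "$helper" -f "$conf" 2>/dev/null) || true
    case $reply in
        OK*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Demo on a constructed config holding the two lines from the article.
demo=$(mktemp -d)
printf 'server 127.0.0.1\nsecret sharedsecret\n' > "$demo/squid_radius_auth.conf"
chmod 644 "$demo/squid_radius_auth.conf"
check_radius_conf "$demo/squid_radius_auth.conf" || echo "fix the findings, then test a login"
rm -rf "$demo"
```

On the NAS, call `helper_accepts /opt/libexec/squid_radius_auth /opt/etc/squid/squid_radius_auth.conf` followed by a known-good user name and password; the PERMS finding clears once the file is owned by the user Squid runs as and set to mode 600.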
As well as OpenVPN, I also have Squid integrated with FreeRADIUS, using OpenLDAP as the only password store.