Denis Makarov, 123RF.com
Virus scanner and content filter with AD authentication
The Cleaner
Many companies use a proxy to handle web access. These intermediaries on the network make it easy to look for viruses on pages accessed by users and in downloads. Company management often requires users to log in to the proxy for monitoring purposes, making it possible to assign individual user or group privileges, such as access to the intranet or extranet. But logging in means adding another username and another password – more things for users to remember – unless you use the credentials of an existing system, such as a Windows domain controller, to authenticate against the proxy. With a little support from the Samba project, the Squid proxy [1] can grant users access by referencing their Active Directory accounts.
Part 1: Configuring Samba
Besides Squid, you will need Samba 3.x, Samba-Client, Samba-Winbind [2], and the Kerberos package, which is typically called krb5, or something similar, by most distributions. Once you have all of these components in place, you can launch into the configuration, starting with the Samba configuration file, smb.conf, which you will need to modify as shown in Listing 1.
Listing 1
smb.conf
[global]
    # Windows domain name
    workgroup = myworkgroup
    security = ADS
    # FQDN for the domain
    realm = example.com
    # Accept all password servers in the domain
    password server = *
    # Encrypted password transmission
    encrypt passwords = true
    # Retrieve domain data from DNS
    dns proxy = yes
    # Local reserved UID area for the domain users
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    # Local reserved
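A small linter for the [global] parameters that Listing 1 sets, as an added example (not code from the article): it checks the settings an ADS domain member needs and flags a comment written after a value, which smb.conf reads as part of the value. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of Listing 1 (values are placeholders).
SAMPLE = """\
[global]
workgroup = MYWORKGROUP
security = ADS
realm = example.com   # FQDN for the domain
idmap uid = 10000-20000
idmap gid = 20000-10000
"""

def parse_global(text):
    """Return the [global] parameters as {name: raw value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        # smb.conf only treats a line as a comment when it STARTS with # or ;
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Parameter names are case-insensitive; collapse runs of whitespace
            params[" ".join(name.lower().split())] = value.strip()
    return params

def check_ads_member(params):
    """Return a list of findings for a winbind/ADS member configuration."""
    findings = []
    for name, value in params.items():
        if re.search(r"\s#", value):
            findings.append(f"{name}: trailing comment is read as part of the value")
    if params.get("security", "").lower() != "ads":
        findings.append("security: must be ADS for Active Directory membership")
    for name in ("workgroup", "realm"):
        if not params.get(name):
            findings.append(f"{name}: missing")
    for name in ("idmap uid", "idmap gid"):
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", params.get(name, ""))
        if not m or int(m.group(1)) >= int(m.group(2)):
            findings.append(f"{name}: expected an ascending range low-high")
    return findings

if __name__ == "__main__":
    for finding in check_ads_member(parse_global(SAMPLE)):
        print(finding)
```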

