In this example a squid installation will use RADIUS “squid_radius_auth” Squid RADIUS authentication helper to authenticate users.
Get last version of squid radius auth helper at:
http://www.squid-cache.org/contrib/squid_radius_auth/
Download:
[leo@srv01 leo]# wget http://www.squid-cache.org/contrib/squid_radius_auth/squid_radius_auth-1.10.tar.gz
Extract:
[leo@srv01 leo]# tar -xvf squid_radius_auth-1.10.tar.gz
Go to directory:
[leo@srv01 leo]# cd squid_radius_auth-1.10
Compile:
[leo@srv01 squid_radius_auth-1.10]# make
gcc -O2 -Wall -g -c -o squid_rad_auth.o squid_rad_auth.c
gcc -O2 -Wall -g -c md5.c
gcc -O2 -Wall -g -c util.c
gcc -g -o squid_radius_auth squid_rad_auth.o md5.o util.o
Now the installation, for my needs, I wanna keep binary into /usr/lib/squid/ and configuration file into /etc/squid/ and I don’t wanna take man files then edit Make.inc like this:
BINDIR = /usr/lib/squid
CONFDIR = /etc/squid
install: squid_radius_auth
mkdir -p $(BINDIR)
install -m 755 -s squid_radius_auth $(BINDIR)/squid_radius_auth
# mkdir -p $(DESTDIR)$(MANDIR)
# install -m 755 squid_radius_auth.8 $(DESTDIR)$(MANDIR)/squid_radius_auth$(MANEXT)
mkdir -p $(CONFDIR)
install -m 644 etc/squid_radius_auth.conf $(CONFDIR)/squid_radius_auth.conf.default
if ! test -f $(CONFDIR)/squid_radius_auth.conf; then \
cp -p $(CONFDIR)/squid_radius_auth.conf.default $(CONFDIR)/squid_radius_auth.conf; \
fi
Edit config file /etc/squid/squid_radius_auth.conf here my example:
server 10.255.X.X
secret XXXXXXXX
port 1645
Now you can test the helper, execute and then type your radius username/password on the same line separated with space, on successful authentication it will give “OK” otherwise “ERR login failure”
[leo@srv01 leo]# /usr/lib/squid/squid_radius_auth -f /etc/squid/squid_radius_auth.conf
leo xxxx
OK
Now you can made change to “squid.conf”
# TAG: auth_param
auth_param basic program /usr/lib/squid/squid_radius_auth -f /etc/squid/squid_radius_auth.conf
auth_param basic children 5
auth_param basic realm Wide-NET-Proxy
auth_param basic credentialsttl 5 minute
auth_param basic casesensitive on
# TAG: acl
acl radius-auth proxy_auth REQUIRED
# TAG: http_access
http_access allow localhost
http_access allow radius-auth
http_access deny all