install libpam-radius-auth
1 | apt-get install libpam-radius-auth |
open /etc/pam_radius_auth.conf
1 | nano /etc/pam_radius_auth.conf |
and add the following lines into it. Your_IP and PORT are the IP address and Port of Radius sever. SecretKey is the Secret of radius server. 3 is the timeout in seconds.
1 2 | # server[:port] shared_secret timeout (s)YOUR_IP:PORT SecretKey 3 |
Change the permissions :
1 2 | chown root /etc/pam_radius_auth.confchmod +r /etc/pam_radius_auth.conf |
create /etc/pam.d/squid :
1 | nano /etc/pam.d/squid |
and add the following lines :
1 2 | auth sufficient pam_radius_auth.soaccount sufficient pam_radius_auth.so |
Now install Squid if you have not installed it yet :
1 | apt-get install squid |
Lets try and see if Squid PAM works successfully through Radius auth, run the following command and enter username and password with a space between them :
1 2 3 | /usr/lib/squid/pam_authusername passwordOK |
OK means radius server has accepted the authentication details. ERR means there is a problem.
Now configure Squid to use pam_ath, open /etc/squid/squid.conf :
1 | nano /etc/squid/squid.conf |
Add the following lines to the begging of the file :
1 2 3 4 | auth_param basic program /usr/lib/squid/pam_authauth_param basic children 5auth_param basic realm REALMauth_param basic credentialsttl 2 hours |
Add following line in acl section :
1 | acl password proxy_auth REQUIRED |
Add following line before http_access deny all :
1 | http_access allow password |