Admins eHow SysAdmin Tips & Tricks

July 16, 2012

How to auth Squid by Radius through PAM in Debian

Filed under: Debian — Tags: , , , , , — admin @ 9:20 am

install libpam-radius-auth

apt-get install libpam-radius-auth

open /etc/pam_radius_auth.conf

nano /etc/pam_radius_auth.conf

and add the following lines into it. Your_IP and PORT are the IP address and Port of Radius sever. SecretKey is the Secret of radius server. 3 is the timeout in seconds.

# server[:port] shared_secret      timeout (s)
YOUR_IP:PORT SecretKey 3

Change the permissions :

chown root /etc/pam_radius_auth.conf
chmod +r /etc/pam_radius_auth.conf

create /etc/pam.d/squid :

nano /etc/pam.d/squid

and add the following lines :

auth sufficient pam_radius_auth.so
account sufficient pam_radius_auth.so

Now install Squid if you have not installed it yet :

apt-get install squid

Lets try and see if Squid PAM works successfully through Radius auth, run the following command and enter username and password with a space between them :

/usr/lib/squid/pam_auth
username password
OK

OK means radius server has accepted the authentication details. ERR means there is a problem.
Now configure Squid to use pam_ath, open /etc/squid/squid.conf :

nano /etc/squid/squid.conf

Add the following lines to the begging of the file :

auth_param basic program /usr/lib/squid/pam_auth
auth_param basic children 5
auth_param basic realm REALM
auth_param basic credentialsttl 2 hours

Add following line in acl section :

acl password proxy_auth REQUIRED

Add following line before http_access deny all :

http_access allow password

Powered by WordPress