Townsville Linux Users Group

The list tends to be more active than this sites forums, so you are more likely to get help from there.----------  promo codes and voucher codes are great way to save you a big dollar when you shopping online.

1. download webmin from http://www.webmin.com/download/

2. login into webming at http://webmin-server-ip-address:10000

3. go to 'webmin' section, then to 'Webmin Configuration' & then choose 'Webmin Modules', after that click on the 'Clone
Module' button

4. Clone the 'squid proxy server' module and call it 'Squid Proxy Server Cache'

5. prepare the second instance of squid

cp /etc/squid/squid.conf /etc/squid/squid-cache.conf

cp /usr/sbin/squid /usr/sbin/squid-cache

mkdir /var/spool/squid-cache

mkdir /var/log/squid-cache

chown squid:squid /var/spool/squid-cache

chown squid:squid /var/log/squid-cache

6. now setup the second instance of squid, to to webmin again, then click on the 'servers' section and once there go to the
'Squid Proxy Server Cache' module and press the 'Module Config' link and fill in the details.

Full path to squid config file:         /etc/squid/squid-cache.conf

Command to start squid:              /usr/sbin/squid-cache -f /etc/squid-cache.conf

Command to stop squid:             /usr/sbin/squid-cache -k shutdown

Command to apply changes:      /usr/sbin/squid-cache -k reconfigure

Squid executable:                        /usr/sbin/squid-cache

Full path to PID file:                      /var/run/squid-cache.pid

Full path the cache directory:      /var/spool/squid-cache

Full path the log directory:    /var/log/squid-cache

7. download DansGuardian from http://www.dansguardian.com/download/

8. install DansGuardian

'rpm -ivh DansGuardian.rpm'

9. download the DansGuardian webmin module

sourceforge.net/projects/dgwebminmodule/

10. install DansGuardian webmin module, go to webmin, select the 'webmin' icon, then go to 'Webmin Configuration' & then
choose 'Webmin Modules' and choose 'install Module'

11. lets set the the instances of squid to run on different ports

'nano /etc/squid/squid.conf'

http_port 3128

'nano /etc/squid/squid-cache.conf'

http_port 3030

12. set the following information in your, ' /etc/dansguardian/dansguardian.conf' file

usernameidmethodproxyauth = on

filterip = 127.0.0.1

filterport = 8080

proxyip = 127.0.0.1

proxyport = 3030

13. Now it's time to setup NTLM authentication in the first squid. edit the '/etc/squid/squid.conf' file

add the following lines

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

14. once the NTLM authentication programs have been set it's time to set the http_acess & the acl rules

(in the acl's area)
acl ntlm proxy_auth REQUIRED

(in the http_access area)
http_acess allow localhost
http_access allow ntlm

make sure that the http_access rules are the first in the list.

15. now that the first squid server is set do use ntlm authentication it's time to winbind to authenticate against Active
Directory. stop both winbind and samba services

'/etc/init.d/smb stop'
'/etc/init.d/winbind stop'

17. edit Kerberos files to have the right configuration

/etc/krb5.conf

[libdefaults]
default_realm = WINDOWS.SERVER.INT

[realms]
WINDOWS.SERVER.INT = {
kdc = mc1.windows.server.int
default_domain = WINDOWS.SERVER.INT
kpasswd_server = mc1.windows.server.int
admin_server = mc1.windows.server.int
}

[domain_realm]
.windows.server.int = WINDOWS.SERVER.INT

18. edit Samba files to have the right configuration

/etc/samba/smb.conf

workgroup = server
security = ads
realm = WINDOWS.SERVER.INT
encrypt passwords = yes

username map = /etc/samba/smbusers

winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes

19. now it's time to join the domain

'net ads join -U administrator -S mc1'

20. now it's time to start both winbind and samba services

'/etc/init.d/smb start'
'/etc/init.d/winbind start'

21. now hopefully all that went well, to test it out lets try this comand

'/usr/bin/wbinfo -g'

this should display all the groups in your active directory structure.

22. now to set squid to be able to access the winbind information

'chown root:squid /var/cache/samba/winbindd_privileged'
'chmod 750 /var/cache/samba/winbindd_privileged'

23. next step is to disable the caching in squid, edit the '/etc/squid/squid.conf'

24. now set Dansguardian to be a second cache and to get squid to pass on the username to Dansguardian, edit the
'/etc/squid/squid.conf'

cache_peer 127.0.0.1 parent 8080 0 no-query login=*:nopassword

25. now to set the second instance of squid to run as a different proccess, edit the '/etc/squid/squid-cache.conf'

pid_filename /var/run/squid-cache.pid

26. Set the logs to log in a different location.

cache_access_log /var/log/squid-cache/access.log
cache_log /var/log/squid-cache/cache.log
cache_store_log /var/log/squid-cache/store.log

27. now were going to set squid1 to operate without a cache

cache_dir null /dev/null

28. Now lets start all the servers

/etc/init.d/dansGuardian start
/usr/sbin/squid -f /etc/squid/squid.conf -z
/usr/sbin/squid-cache -f /etc/squid/squid-cache.conf -z

My how-to guides have been moved to my own website, check them out at

http://www.opensourcehowto.org

http://www.opensourcehowto.org/how-to/openldap/openssl--openldap.html

My how-to guides have been moved to my own website, check them out at

http://www.opensourcehowto.org

http://www.opensourcehowto.org/how-to/fedora/installing-squidguard-on-fedora.html