Squid LDAP Auth and WPAD

-Systems used:
CentOS 6.2, squid v3.1x, LDAP Server, Linux DHCP server, httpd/apache server for wpad.dat

-Make sure squid can talk to the LDAP server
# /usr/lib64/squid/squid_ldap_auth -b "dc=tahubachem,dc=local" -f "uid=%s" -h
Type the username and password separated by a space, then hit Enter

-Edit squid.conf

auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "dc=tahubachem,dc=local" -f "uid=%s" -h
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
authenticate_ip_ttl 2 minutes

#using ldap auth
acl ldapauth proxy_auth REQUIRED

#one ip = one user login
acl one_ip_access max_user_ip -s 1

http_access deny one_ip_access
http_access allow ldapauth

#Wpad.dat will tell web browser the proxy address & port
http_port 3128

or see squid.conf here

-Create the file wpad.dat in the web server directory
# touch /var/www/html/wpad.dat
# vi /var/www/html/wpad.dat

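function FindProxyForURL(url, host) {

    // Loopback, plain host names and the local domain bypass the proxy
    if (shExpMatch(host, "127.*")
        || shExpMatch(host, "localhost")
        || shExpMatch(url, "*.tahubachem.net/*")
        || isPlainHostName(host)
        || dnsDomainIs(host, ".tahubachem.net")) {
        return "DIRECT";
    }

    // Everything else goes to squid; the proxy address and port (http_port 3128) go after PROXY.
    // The trailing DIRECT is the fallback the browser uses when the proxy is unreachable.
    return "PROXY; DIRECT;";
    // return "PROXY; DIRECT;";
}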
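
A way to check these rules before publishing wpad.dat, as an added example that is not part of the original post: it runs under Node.js with minimal stand-ins for the PAC helper functions the browser normally provides. The proxy host proxy.example.internal is a placeholder (assumption), port 3128 is the http_port from squid.conf, and the sample URLs are constructed.

```javascript
// Minimal stand-ins for the PAC helpers a browser provides.
function shExpMatch(str, pattern) {
  // Shell glob to regex: escape regex metacharacters, then map * and ?.
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function isPlainHostName(host) { return !host.includes("."); }
function dnsDomainIs(host, domain) { return host.endsWith(domain); }

// Assumption: placeholder proxy host; 3128 is the http_port from squid.conf.
const PROXY = "PROXY proxy.example.internal:3128";

// Same rules as the wpad.dat above.
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "127.*")
      || shExpMatch(host, "localhost")
      || shExpMatch(url, "*.tahubachem.net/*")
      || isPlainHostName(host)
      || dnsDomainIs(host, ".tahubachem.net")) {
    return "DIRECT";
  }
  return PROXY + "; DIRECT";
}

// Derive the host from the URL the way a browser does, then ask the PAC.
function route(url) {
  return FindProxyForURL(url, new URL(url).hostname);
}

function audit(urls) {
  return urls.map((u) => ({ url: u, result: route(u) }));
}

// Constructed sample URLs.
const samples = [
  "http://127.0.0.1/status",
  "http://intranet/",
  "http://www.tahubachem.net/index.html",
  "http://www.example.com/",
  // The url rule matches anywhere in the URL, path included, so this
  // external host is sent DIRECT; the dnsDomainIs(host, ...) rule is not.
  "http://www.example.com/a.tahubachem.net/b",
];
for (const row of audit(samples)) console.log(row.result.padEnd(45), row.url);
```

The last sample shows that the shExpMatch(url, ...) rule is broader than the host-based dnsDomainIs rule next to it, which already covers the local domain.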

-Edit dhcpd.conf
Add new:

option wpad-url code 252 = text;
option wpad-url "\n";

or see dhcpd.conf here

PC using login staff1

Another PC using the same login staff1, result -> Access Denied


1 thought on “Squid LDAP Auth and WPAD”

  1. Chamae

    By July 26, 2010 – 9:18 pm

    As they say that Linux OS is quite good, but I still prefer the Windows. Though I am not fan of Bill Gates, I find it easy for me to use the Windows, either for server or for the workstations. I have open source software, they get updated almost every second and that is not really what I want because adjustments need to be done after the updates. Can't just sit there and keep on updating it every moment.

