Synology usage series 30 – Integrate Squid with Freeradius


In previous article I setup Squid and using a passwd file to hold password for squid. But now I have freeradius running, I want to integrate Squid with Freeradius so that I don’t need to maintain the passwd file.

Luckily, the Squid compiled by optware already include basic-auth-helper option during compilation, what we need to do is compile our own radius plugin.

Pre-requisites

  • ipkg install make
  • ipkg install gcc

Installation

  1. SSH to NAS as root
  2. cd /root
  3. Download the plugin source from squid officail site

    # wget http://www.squid-cache.org/contrib/squid_radius_auth/squid_radius_auth-1.10.tar.gz

  4. Unpack it

    # tar xvzf squid_radius_auth-1.10.tar.gz

  5. # cd squid_radius_auth-1.10/
  6. Build the plugin by typing make. (you need to install make if not already do so – ipkg install make)

    # make

  7. The plugin squid_radius_auth binary will be created here

    /root/squid_radius_auth-1.10/squid_radius_auth

  8. Move the plugin to better directory

    # mv /root/squid_radius_auth-1.10/squid_radius_auth /opt/libexec

  9. Edit squid configuration

    # vi /opt/etc/squid/squid.conf

    Comment the ncsa_auth helper and add radius helper

    #auth_param basic program /opt/libexec/ncsa_auth /opt/etc/passwd
    auth_param basic program /opt/libexec/squid_radius_auth -f /opt/etc/squid/squid_radius_auth.conf

  10. Create the plugin configuration file

    # vi /opt/etc/squid/squid_radius_auth.conf

    Add the two lines below

    server 127.0.0.1
    secret sharedsecret

    (change sharedsecret to your radius server shared secret password)

  11. Restart Squid

    # /opt/etc/init.d/S80squid stop
    # /opt/etc/init.d/S80squid start

As well as openvpn, I also have squid integrated with freeradius and using openldap as the only password store.





Leave a Reply

Your email address will not be published. Required fields are marked *