How to Setup Squid Proxy to Authenticate with FreeRADIUS on CentOS 7

Squid is a stable, popular, open-source caching and forwarding HTTP web proxy. It can be used for a variety of reasons. If you are looking to create your very own plain HTTP or HTTPS-based proxy, then this is the software to use.

First, we need to install the development tools:

yum groupinstall 'Development Tools'

Install some additional packages:

yum install gcc bison byacc pam pam-devel flex -y

Let’s now install the squid proxy server software itself. Use the command below to do that:

sudo yum -y update
yum -y install squid

Now start Squid by entering the following command:

systemctl start squid

Have Squid automatically start at boot time:

systemctl enable squid

You can also check the status of Squid with the below command:

systemctl status squid

In the example below, we see that the state is ‘Active.’

Squid Active

Now open up the squid config file /etc/squid/squid.conf and add the config lines below to the top of this file:

#  TAG: auth_param
#Authentication Radius:
auth_param basic program /usr/lib64/squid/basic_radius_auth -f /etc/squid/squid_rad_auth.conf
auth_param basic children 5
auth_param basic realm YOURSITENAME
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl radius-auth proxy_auth REQUIRED

#  TAG: http_access
# Allow authorized users:
http_access allow radius-auth

Now create the radius config file:

vi /etc/squid/squid_rad_auth.conf

Add the below lines:

server # Radius Server IP or Hostname
secret your_secret_here

Be sure to change the IP address to your radius server and your radius secret for this server. Close and save the file.

Restart the squid proxy server:

service squid restart

Now, set up your squid proxy in your favourite browser or extension, such as FoxyProxy, on port 3128 and then enter your username and password, which must be present in your FreeRADIUS database.

Yuo can set up your FreeRADIUS server using this guide.

Leave a reply:

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.