The reason for using fakeauth is to authenticate users on a home network without the need for any central authentication database. It is far from secure, but for the sole purpose of identifying the user it is good enough.
First we need to update the package repositories from where we wish to install.
Simply run the following in the shell:
echo 'deb http://ftp.us.debian.org/debian/ squeeze mainThen execute the next line to update the local cache and install Squid 3:
deb-src http://ftp.us.debian.org/debian/ squeeze main
#deb http://ftp.us.debian.org/debian/ sid main
#deb http://ftp.us.debian.org/debian/ experimental main' > /etc/apt/sources.list
apt-get update && apt-get -y install squid3This will download and install Squid3 followed by starting it up listening on port 3128.
Fakeauth is part of Squid3 but it is not bundled with the installable package. This forces us to build it from source.
Let's start by installing dependencies:
apt-get -y install gcc g++ make patchNext we download and unpack the source for Squid 3.1.6:
cd ~/ && apt-get source squid3Below we build fakeauth with a patch required for the MBL:
tar xzf squid3_3.*.orig.tar.gz && cd squid-*/
./configureThis would produce an executable file called fakeauth_auth in the current directory compatible with MBL.
cd compat/ && make
cd ../lib && make
> // Fix for platform
> auth->flags = le32toh(auth->flags);
< debug("ntlmDecodeAuth: usr o(%d) l(%d)\n", auth->user.offset, auth->user.len);
> debug("ntlmDecodeAuth: usr o(%d) l(%d)\n", le32toh(auth->user.offset), le16toh(auth->user.len));
' | patch fakeauth_auth.c
Copy this file to Squid's library path to keep it all in one place:
cp fakeauth_auth /usr/lib/squid3/
chmod 755 /usr/lib/squid3/fakeauth_auth
Fakeauth is a NTLM authentication helper which we configure in /etc/squid3/squid.conf by adding the following:
auth_param ntlm program /usr/lib/squid3/fakeauth_auth -SThis will enable the module but won't restrict any users accessing the proxy.
auth_param ntlm children 5
auth_param ntlm keep_alive on
At approx. line 760 add the following two lines to enable fakeauth module:
(Note that http_access deny needs to be above any other http_access allow to work properly)
acl dummyAuth proxy_auth REQUIREDThis basically tells Squid only to allow clients that support NTLM. This will only work for Windows users so additional rules needs to be added to allow other clients to bypass the authentication.
http_access deny !dummyAuth all
After restarting Squid (/etc/init.d/squid3 restart) the username should now appear in the logfile when using Squid as a proxy:
# tail /var/log/squid3/access.log
1221111156.178 170 10.0.0.9 TCP_MISS/204 351 GET http://www.google.com/csi? charlie DIRECT/188.8.131.52 image/gif