[squid-users] Fwd: Re: Authentification LDAP Exception for IP adresse

Jérôme Seuniac jseuniac at gmail.com
Fri Feb 26 09:30:35 UTC 2016


Excuse me,

To summarize, I managed to create an LDAP authentication.
Now I want to create an exception for 2 IP addresses.
I want those two IP addresses to be allowed access without authentication.


visible_hostname proxy_dsi
http_port 8080
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b "XXXXX" -D "CN=XXXi,OU=XXXX,OU=XXXX,OU=XXX,DC=XXX,DC=XXXX,DC=XXX" -w "SQUID42" -f sAMAccountName=%s -h 192.168.1.11
auth_param basic children 30
auth_param basic realm Merci de saisir vos identifiants AD6
auth_param basic credentialsttl 1 hours
external_acl_type ldap_group %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R -b "DC=R06,DC=AN,DC=CNAV" -D "CN=proxydsi,OU=InfraReseaux,OU=_ComptesTechniques,OU=_UtilisateursSpecifiques,OU=_Administration,OU=_06-Lyon,DC=R06,DC=AN,DC=CNAV" -w "5quid4DSI@" -f "(&(objectclass=person) (sAMAccountname=%v)(memberof=CN=r06_gl_ProxyDSI,OU=InfraReseaux,OU=DSI,OU=_AccesApplications,OU=_RessourcesRegionales,OU=_Groupes,OU=_Administration,OU=_06-Lyon,DC=R06,DC=AN,DC=CNAV))" -h 192.168.1.11
ldap_group Le_Nom_Du_Groupe_A_chercher
acl AD_USER external ldap_group r06_gl_ProxyDSI
acl ldap-auth proxy_auth REQUIRED
acl ldap-group external ldap_group PROXY_ALLOWED
http_access deny !ldap-group
http_access deny !ldap-auth
http_access allow all
acl VLan_etage src 192.168.1.0/24
acl SSL_ports port 443
acl ports_ouverts port 80
acl ports_ouverts port 443
acl ports_ouverts port 21
acl ports_ouverts port 25
acl ports_ouverts port 110
acl ports_ouverts port 143
acl ports_ouverts port 5074
acl ports_ouverts port 7016
acl ports_ouverts port 8010
acl CONNECT method CONNECT
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
redirect_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
redirect_children 50
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
cache_mem 1333 MB
minimum_object_size 3 KB
maximum_object_size 2000 MB
cache_access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
cache_store_log /var/log/squid3/store.log
forwarded_for off


Regards

2016-02-26 10:21 GMT+01:00 Antony Stone <Antony.Stone at squid.open.source.it>:
> Please also always reply to the list and never to individuals, unless
> expressly asked to :)
>
> Antony.
>
> ----------  Forwarded Message Starts  ----------
>
> Subject: Re: [squid-users] Authentification LDAP Exception for IP adresse
> Date: Friday 26 February 2016 10:17:18
> From: Jérôme Seuniac <jseuniac at gmail.com>
> To: Antony Stone <Antony.Stone at squid.open.source.it>
>
> Hi Antony,
>
> Sorry for my squid.conf, I want those two IP addresses to be
> allowed access without authentication.
>
> Regards
>
> 2016-02-26 10:12 GMT+01:00 Antony Stone <Antony.Stone at squid.open.source.it>:
>> On Friday 26 February 2016 at 10:07:12, Jérôme Seuniac wrote:
>>
>>> Hi,
>>>
>>>
>>> I’m Jerome and I’m a novice with squid.
>>
>> Welcome to the list.
>>
>>> With the documentation and the FAQ, I managed to create an LDAP
>>> authentication.
>>>
>>> Now I want to create an exception for 2 IP addresses.
>>
>> What do you mean by "exception"?  Do you want those two IP addresses to be
>> allowed access without authentication, or do you want to block those two IP
>> addresses from being able to authenticate?
>>
>>> This is my squid.conf :
>>
>> Please note in future that we prefer squid.conf to be sent without comments
>> and without blank lines - it makes it much easier to read.
>>
>>
>> Regards,
>>
>>
>> Antony.
>
> --
> I have an excellent memory.
> I can't think of a single thing I've forgotten.
>
>                                                    Please reply to the list;
>                                                          please *don't* CC me.



-- 
Cordialement,
Seuniac Jérôme.
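
Added example, not part of the original message and not taken from the Squid documentation: one way to exempt two clients from the LDAP challenge, relying on Squid evaluating http_access rules top to bottom and stopping at the first match. The ACL name no_auth_hosts and both addresses are placeholders; the auth_param, external_acl_type and acl lines are assumed unchanged from the configuration posted above.

```squidconf
# Added example: http_access section only.
# 192.168.1.50 and 192.168.1.51 are constructed placeholders for the two
# exempt clients; no_auth_hosts is a hypothetical ACL name.
acl no_auth_hosts src 192.168.1.50 192.168.1.51

# Already defined in the posted configuration, repeated here for context.
acl ldap-auth proxy_auth REQUIRED
acl ldap-group external ldap_group PROXY_ALLOWED

# Before (as posted): the first rule a request meets needs %LOGIN, so Squid
# asks every client for credentials, whatever its address.
#   http_access deny !ldap-group
#   http_access deny !ldap-auth
#   http_access allow all

# After: a src ACL is decided from the client address alone. Placed first,
# it allows the two hosts before any rule that needs a username is tested.
http_access allow no_auth_hosts

# Every other client still goes through the LDAP rules as before.
http_access deny !ldap-group
http_access deny !ldap-auth
http_access allow all
```

Check the edited file with squid -k parse before reloading. Requests from the exempted hosts carry no username in access.log or in the ICAP username header, so keep the ACL to addresses that are assigned statically.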