[squid-users] Fallback auth method

schinken schinken at hackerspace-bamberg.de
Fri Nov 14 11:33:11 UTC 2014


Maybe i'll try to simplify my question ;)


Is it possible to skip the:

> http_access allow AllowedMemberOf all

if auth_param basic was the authenticator (instead of the other
authentications like NTLM/LDAP)?


Condensed config:

>> # basic-auth
>>
>> auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd
>>
>>
>> # AD memberof check
>>
>> external_acl_type memberof ttl=300 negative_ttl=300 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R -K -b "dc=COMPANY,dc=i
>> nt" -D squid at company.int -W /etc/squid3/ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberof:1.2.
>> 840.113556.1.4.1941:=cn=%g,ou=Groups,ou=foobar,dc=COMPANY,dc=int))" -h ad.company.int,ad3.company.int
>>
>> acl auth proxy_auth REQUIRED
>> http_access deny !auth
>> http_access allow auth
>>
>> acl AllowedMemberOf external memberof "/etc/squid3/memberof_allow.txt
>> acl BlockedMemberOf external memberof "/etc/squid3/memberof_deny.txt"
>>
>> http_access allow AllowedMemberOf all
>> http_access deny BlockedMemberOf all



-- 
Schinken

Backspace e.V.
http://hackerspace-bamberg.de

mail: schinken at hackerspace-bamberg.de
xmpp: schinken at tai-wahn.de (otr)
GPG: FFB7 E40D B2DD D24C C9B7 B5C5 703C F8B8 882C 871E

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141114/a1c64308/attachment.sig>


More information about the squid-users mailing list