[squid-users] Authentication help

Informatico Neurodesarrollo infneurodcr.mtz at infomed.sld.cu
Thu Mar 5 20:49:49 UTC 2015


Hi list,
I am new in the list and I want to solve a problem with the 
authentication process in the factory that I worked some years ago and 
in this place I began work with Linux.
They use openSuSE 13.2 (64bits) with squid 3.4.4, the specification are:
- the authentication is local, Unix users
- two groups created :intranet (only can access to domain ".cu" ),internet

What is the deal?:

When I try to access, in the surfer arise a windows ask me the user and 
password, but when I push Enter key, this windows arise again and I have 
to press several times the "ESC" key to can navigate.

I attach bellow squid.conf file.

My best regards.

PD Apologist my english, but if any body else understand Spanish 
language I can explain better.

-- 

Jesús Reyes Piedra
Admin Red Neurodearrollo,Cárdenas
La caja decía:"Requiere windows 95 o superior"...
Entonces instalé LINUX.



squid.conf:

# Squid normally listens to port 3128
http_port 3128

###################################################
#Memoria destinada para mantener el cache en la RAM
cache_mem 1024 MB

# Uncomment and adjust the following to add a disk cache directory.
cache_dir aufs /var/cache/squid 99999 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

cache_mgr juanc at jvr.cu
cache_replacement_policy lru
cache_swap_high 95
cache_swap_low 90
client_lifetime 1 days
connect_timeout 2 minutes
#emulate_httpd_log off
debug_options ALL,1 33,2

ftp_passive on
maximum_object_size 4096 KB
memory_replacement_policy lru
minimum_object_size 0 KB

########################################################
#Autenticación

auth_param basic program /usr/sbin/basic_getpwnam_auth 
--helper-protocol=squid-2.5-basic
auth_param basic children 20
auth_param basic realm Servidor Proxy JVR
auth_param basic credentialsttl 1 hours
auth_param basic casesensitive off

############
#Grupos Unix

external_acl_type groupo_linux %LOGIN /usr/sbin/ext_unix_group_acl -p

acl nav_nac external groupo_linux intranet
acl nav_int external groupo_linux internet

acl nav_full proxy_auth nav_int
acl nav_cuba proxy_auth nav_nac

acl Auth_jvr proxy_auth REQUIRED

#########################################################
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern -i  (/cgi-bin/|\?) 0 0 0
refresh_pattern . 0 20 4320


cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
error_directory /usr/share/squid/errors/es


acl localnet src 10.44.1.0/24
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

acl restricted_sites dstdomain "/etc/squid/listas/blocked_sites.acl"
acl restricted_dst dst "/etc/squid/listas/blocked_src"
acl nacional dstdomain .cu

# Regla para denegar palabras indebidas
acl palabras url_regex -i "/etc/squid/deneg"


#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
# Deny CONNECT to other than secure SSL ports
# Only allow cachemgr access from localhost
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# Allow localhost always proxy functionality
# And finally deny all other access to this proxy

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

http_access allow localnet !restricted_sites !restricted_dst !palabras
http_access allow Auth_jvr nav_full !nav_nac
http_access allow Auth_jvr nav_cuba nacional


http_access deny all


--
Este mensaje le ha llegado mediante el servicio de correo electronico que ofrece Infomed para respaldar el cumplimiento de las misiones del Sistema Nacional de Salud. La persona que envia este correo asume el compromiso de usar el servicio a tales fines y cumplir con las regulaciones establecidas

Infomed: http://www.sld.cu/



More information about the squid-users mailing list