[squid-users] Squid 3.4.8 helpers doesn't work how I want !
Yuri Voinov
yvoinov at gmail.com
Mon Apr 25 14:39:35 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Logs from AD, man.
25.04.16 20:33, Hack Ensolo пишет:
> Hi,
> I try to authenticate a user in AD (windows server 2008 R2).
> When he is in a group Webusers he must authenticated and when I remove
the user of this group, he must not authenticated.
> And this process doesn't work because he is always authticated.
>
> Sorry for my english.
>
> I post the squid configuration...
> I don't post the logs because I 'm not errors.
>
> cache_mgr service.informatique@
<mailto:service.informatique at ipl.be>example.com <http://example.com>
>
> ### Negotiate kerberos authentification
> auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth
-s HTTP/rex.example.com at EXAMPLE.COM <mailto:rex.example.com at EXAMPLE.COM>
> auth_param negotiate children 20 startup=0 idle=1
> auth_param negotiate keep_alive off
>
> ### ldap authorisation
> external_acl_type kerbgroup ttl=60 children-max=15 children-startup=10
ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R -K -b
ou=students,dc=server,dc=example,dc=com -D squid at example.com
<mailto:squid at example.com> -W /etc/squid3/ldappass.txt -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=students,dc=server,dc=example,dc=com))"
-h dc1.server.example.com <http://dc1.server.example.com>
>
> ### acl for proxy auth and ldap authorizations
> acl auth proxy_auth REQUIRED
> acl kerbusers external kerbgroup webusers
>
> ### squid defaults
> acl localnet src 172.17.0.0/16 <http://172.17.0.0/16>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
>
> ### http_access rules
> http_access allow manager localhost
> http_access allow auth
> http_access deny !auth
> http_access allow kerbusers
> http_access allow localnet
> http_access deny manager
> http_access deny all
>
> ### logging
> access_log stdio:/var/log/squid3/access.log
> cache_store_log stdio:/var/log/squid3/store.log
>
> ### squid Debian defaults
> http_port 3128
> cache_effective_user proxy
> cache_effective_group proxy
> cache_dir ufs /cache1 20000 16 256
> cache_dir ufs /cache2 20000 16 256
> coredump_dir /var/spool/squid3
>
> ### default squid rules
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXHiwmAAoJENNXIZxhPexGErgIAMHORuxEGPdj5UKhoKAa3dDK
jp9wcb0vrgH0F2YT+vM5AdlgPqG97/7UlB/jrfbmrMOwXcz0e1mdxDlRo9vJbeJA
eC9k9u7AxqTTBCeOTMdIW11CGF8Fh8gVr5lhO6ue7YIfAzr1CzrhlWhBNxqNKxD+
LvzkSGNXdn6JCaNRTLYcSJJGKYj7pGjS/RClEnoi2LADpO66N3k4dOFYgrASRKU2
J+kn1EOLM/FkKJOUQPrKeUo8fTZ/v04ysxdI5UWqqdFj7hE1ISBJT5XzKQmQ/U0P
qmI6Y8ypL8IClEvbevi6xIacVezVJols+Cj3tS35fAxJVjiY3q4VfhkMAHRopLo=
=kg1R
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160425/d9eb0ce1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160425/d9eb0ce1/attachment.key>
More information about the squid-users
mailing list