[squid-users] effective acl for tcp_outgoing_address

Eliezer Croitoru ngtech1ltd at gmail.com
Sun Jan 24 09:03:28 UTC 2021 

Hey,

 

I can try to test/check this but I am missing the basic Kerberos auth with AD setup.

I have a working setup but the transparent authentication is not working for me.

 

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email:  <mailto:ngtech1ltd at gmail.com> ngtech1ltd at gmail.com

Zoom: Coming soon

 

 

From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Hideyuki Kawai
Sent: Friday, January 22, 2021 11:23 AM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] effective acl for tcp_outgoing_address

 

Hi, this is Kawai.

 

Now, I'm trying to set up squid4.x on centOS, but, have one issue.

Please let me send inquiry as followings.

 

### Requirement ###

The squid is required as follows.

1. Kerberos auth with Active Directory : auth_param .....       <- Success

2. "Security group" check which is gotten from AD : external_acl_type ...(using ext_kerberos_ldap_group_acl)   <- success

3. Using different outgoing IP based on "Security group" : tcp_outgoing_address + external_acl  <- fail (can not work)

 

=== sample configuration which I tested. (but, it did not work…) ===

external_acl_type kerberos_ldap_group1 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl −g GROUP1

external_acl_type kerberos_ldap_group2 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl −g GROUP2

acl group1 external kerberos_ldap_group1

acl group2 external kerberos_ldap_group2

tcp_outgoing_address 10.1.0.1 group1

tcp_outgoing_address 10.1.0.2 group2

 

 

### Inquiry ###

Based on the web site, “tcp_outgoing_address” is NOT support "external_acl". Because the external_acl type is slow.

In this case, how to configure the squid.conf to satisfy my requirement?

 

Please let me inform your comment and knowledge.

Thanks in advance.

 

-------------------------------------

h.kawai at ntt.com <mailto:h.kawai at ntt.com> 

-------------------------------------

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210124/dd806609/attachment.htm>

More information about the squid-users mailing list