Re: [squid-users] proxy_auth help

From: Edward Mann <[email protected]>
Date: 06 Nov 2002 17:53:25 -0600

Chris,

wb_group you don't need, that was just something out of my setup.

Can you send me your entire config file? I have re-ordered things to
work the way that I have mine set up.

auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/lib/squid/wb_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl http_ports port 1-65000

#acl CONNECT method CONNECT
acl proxy_server dst 172.16.1.226/255.255.255.255
acl restricted_users_websites dstdomain "/etc/squid/restricted_users_websites.txt"
acl my_network src 172.16.0.0-172.25.0.0/255.255.0.0

external_acl_type NT_auth %LOGIN /usr/lib/squid/wb_auth
acl FullAccess external NT_auth all

acl unrestricted_users proxy_auth "/etc/squid/unrestricted_users.txt"
acl restricted_users proxy_auth "/etc/squid/restricted_users.txt"

acl downloads rep_mime_type "/etc/squid/mime_type_blocked_download.txt"
acl blocked_urls url_regex "/etc/squid/blocked_urls.txt"
acl available_download_websites dstdomain "/etc/squid/available_download_websites.txt"

http_access deny blocked_urls
http_access allow restricted_users restricted_users_websites http_ports my_network
http_access allow unrestricted_users all http_ports my_network
http_access allow proxy_server http_ports my_network
http_access allow FullAccess

http_access allow manager localhost
http_access allow manager FullAccess

Okay, this is all I can think of right now. I am in the middle of
re-IP-addressing our network, so my brain is a little scattered. Talk to you
later.

 

On Wed, 2002-11-06 at 13:43, Chris Tatro wrote:
> Below I have pasted my acls, http_access and auth_param
> lines. I tried what you suggested Edward but I am still
> not having any luck. Do I need to type some kind of
> password and user name in to get at the Cache Manager
> through Webmin? Before I turned proxy_auth on I never had
> to type in a password and user name to get at the Cache
> Manager; I simply changed the port and number to 8080. I
> know it has to be something simple I am doing wrong, but I
> for the life of me can't figure it out.
> Also, Edward, I do not have a wb_group module; I have a
> wb_auth module. I am running Samba 2.2.6. Am I supposed to
> have a wb_group module?
>
> Thanks for the help so far; it is very appreciated.
>
>
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl http_ports port 1-65000
>
> acl CONNECT method CONNECT
> acl proxy_server dst 172.16.1.226/255.255.255.255
> acl restricted_users_websites dstdomain "/etc/squid/restricted_users_websites.txt"
> acl my_network src 172.16.0.0-172.25.0.0/255.255.0.0
>
> external_acl_type NT_auth %LOGIN /usr/lib/squid/wb_auth
> acl FullAccess external NT_auth all
>
> acl unrestricted_users proxy_auth "/etc/squid/unrestricted_users.txt"
> acl restricted_users proxy_auth "/etc/squid/restricted_users.txt"
>
> acl downloads rep_mime_type "/etc/squid/mime_type_blocked_download.txt"
> acl blocked_urls url_regex "/etc/squid/blocked_urls.txt"
> acl available_download_websites dstdomain "/etc/squid/available_download_websites.txt"
>
> http_access deny blocked_urls
> http_access allow restricted_users restricted_users_websites http_ports my_network
> http_access allow unrestricted_users all http_ports my_network
> http_access allow proxy_server http_ports my_network
> http_access allow FullAccess
>
> http_access allow manager localhost
> http_access allow manager FullAccess
>
> auth_param ntlm program /usr/lib/squid/wb_ntlmauth
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
>
> auth_param basic program /usr/lib/squid/wb_auth
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
>
>
>
>
> On 06 Nov 2002 08:58:38 -0600
> Edward Mann <edward@arctechnology.com> wrote:
> >ACL run in order. Using the IP address, something like
> >this should do the trick.
> >
> >acl nopasswd src 10.251.0.38/255.255.255.255 10.251.0.39/255.255.255.255
> >
> >external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group
> >acl FullAccess external NT_global_group internet
> >
> >
> >http_access allow nopasswd
> >http_access allow FullAccess
> >
> >
> >See if that works.
> >
> >On Wed, 2002-11-06 at 05:48, Chris Tatro wrote:
> >> I have all the users authenticating through the NT domain
> >> controller via winbind from samba. How do I write an ACL
> >> with proxy_auth to allow 2 computers to get through without
> >> authenticating?
> >> Is this possible?
> >>
> >> Thanks
> >>
> >> >PS I found this post which says what I need to do to get my cachemgr.cgi working.
> >>
> >>
> >> >You need to allow the host where cachemgr.cgi runs access without
> >> >proxy_auth.
> >>
> >> >I have a small patch to cachemgr.cgi to allow it to be used in
> >> >proxy_auth environments.
> >>
> >> ---
> >> >Henrik Nordstrom
> >> >Spare time Squid hacker
> >>
> >> >Alex Pikus wrote:
> >
>
Received on Wed Nov 06 2002 - 16:52:36 MST
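
Edward's point that ACLs run in order, and the quoted advice to let the cachemgr.cgi host through without proxy_auth, can be seen in a small model of first-match http_access evaluation. This is an added example, not part of the thread and not Squid code; the ACL names come from the messages, while the usernames, the two rule lists and the `http_access()` helper are constructed for illustration.

```python
import ipaddress

# ACL types that need a username; with none supplied Squid answers 407.
NEEDS_LOGIN = {"proxy_auth", "external"}

# ACL names follow the thread; the usernames are constructed sample data.
ACLS = {
    "all":        ("src", ["0.0.0.0/0"]),
    "manager":    ("proto", "cache_object"),
    "localhost":  ("src", ["127.0.0.1/32"]),
    "nopasswd":   ("src", ["10.251.0.38/32", "10.251.0.39/32"]),
    "FullAccess": ("external", {"chris"}),
}

def acl_matches(name, req):
    kind, value = ACLS[name]
    if kind == "src":
        addr = ipaddress.ip_address(req["src"])
        return any(addr in ipaddress.ip_network(net) for net in value)
    if kind == "proto":
        return req["proto"] == value
    return req.get("user") in value          # proxy_auth / external

def http_access(rules, req):
    """Return 'allow', 'deny' or 'challenge' (407) for one request."""
    for action, names in rules:
        for name in names:                   # ACLs on a line are ANDed, left to right
            if ACLS[name][0] in NEEDS_LOGIN and req.get("user") is None:
                return "challenge"           # reached an auth ACL without credentials
            if not acl_matches(name, req):
                break                        # line does not apply, try the next one
        else:
            return action                    # every ACL matched: first match wins
    # No line matched: the default is the opposite of the last line.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed rule lists: the same lines, with the exemptions placed last or first.
AUTH_FIRST = [("allow", ["FullAccess"]),
              ("allow", ["manager", "localhost"]),
              ("deny", ["all"])]
EXEMPT_FIRST = [("allow", ["manager", "localhost"]),
                ("allow", ["nopasswd"]),
                ("allow", ["FullAccess"]),
                ("deny", ["all"])]

CACHEMGR = {"src": "127.0.0.1", "proto": "cache_object"}   # cachemgr.cgi, no login

if __name__ == "__main__":
    for label, rules in (("auth first", AUTH_FIRST), ("exempt first", EXEMPT_FIRST)):
        print(label, "->", http_access(rules, CACHEMGR))
```

Keeping the unauthenticated exemptions as narrow `src` host entries above the authenticated rules limits the bypass to the named machines; every other client still reaches the login check.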

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:11 MST