Re: [squid-users] max_user_ip doesn't work properly

From: Henrik Nordstrom <[email protected]>
Date: Fri, 28 Mar 2003 14:24:26 +0100

Not really, besides it being noted that it maybe Squid does not identify
the user in the two shemes as the same even if their login is identical.

Maybe you should register a bug report on this problem.

Regards
Henrik

Alexander Kiselev wrote:
>
> Henrik,
>
> any updates so far?
>
> Thanks.
>
> --
> Cheers,
> Alex
>
> ----- Original Message -----
> From: "Alexander Kiselev" <akiselev@mow-co.ru.dhl.com>
> To: "Henrik Nordstrom" <hno@squid-cache.org>
> Cc: <squid-users@squid-cache.org>
> Sent: Thursday, March 27, 2003 10:26 AM
> Subject: Re: [squid-users] max_user_ip doesn't work properly
>
> > Henrik,
> >
> > there is actually one user. In the Netscape's password prompt i write
> > "domain\username" in username field.
> >
> > In the access.log there is the same user, but comes from different
> > addresses.
> >
> > I suppose that NTLM and Basic helpers hold an user's caches differently,
> > that is why they don't see each other, but they SHOULD do that, because is
> a
> > hole for the users to share their passwords and use the different browsers
> > on different computers in the same time.
> >
> > Any suggestions?
> >
> > --
> > Cheers,
> > Alex
> >
> >
> > ----- Original Message -----
> > From: "Henrik Nordstrom" <hno@squid-cache.org>
> > To: "Alexander Kiselev" <akiselev@mow-co.ru.dhl.com>
> > Cc: <squid-users@squid-cache.org>
> > Sent: Thursday, March 27, 2003 2:53 AM
> > Subject: Re: [squid-users] max_user_ip doesn't work properly
> >
> >
> > > This is a known problem. To Squid the two users are different users, and
> > > there is no clear way of matching them.
> > >
> > > You also see this symptom in access.log, where the user column shows
> > > differently.
> > >
> > > Regards
> > > Henrik
> > >
> > > Alexander Kiselev wrote:
> > > >
> > > > Hi all.
> > > >
> > > > on Squid2.5.STABLE2 i found that there is a problem with "acl
> > max_user_ip".
> > > > I use this feature to limit users to use Internet from one PC only in
> > the
> > > > same time. It works fine only in case if the same authentication
> method
> > is
> > > > using on both PCs, i.e. NTLM (if users on both PCs use IExplorer) or
> > Basic
> > > > (if they use any others browsers).
> > > >
> > > > My configuration (a part of "squid.conf" file):
> > > >
> > > > # All users must log in
> > > > acl authenticated proxy_auth REQUIRED
> > > > http_access deny !authenticated
> > > > deny_info ERR_AUTH_FAILED authenticated
> > > >
> > > > # No users may share their login/password with others
> > > > acl MaxIP max_user_ip -s 1
> > > > http_access deny MaxIP
> > > > deny_info ERR_MAX_USER_IP MaxIP
> > > >
> > > > # vip_users allowed always
> > > > acl vip_users proxy_auth "/path/to/vip_users"
> > > > http_access allow vip_users
> > > >
> > > > How to limit the users with "acl max_user_ip" feature not depending on
> > > > browser they use?
> > > >
> > > > Thanks.
> > > >
> > > > --
> > > > Cheers,
> > > > Alex
> > >
> >
> >
Received on Fri Mar 28 2003 - 07:25:52 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:25 MST