[squid-users] Using a proxy_auth acl to match active directory usernames

From: Ken Thomson <[email protected]>
Date: Wed, 26 Nov 2003 13:13:24 +1100

Hi all,

I have a Squid v2.5 Stable 3 system which uses NTLM authentication to
authenticate users to an active directory domain. This works fine.
Only valid domain users can use the proxy.

I also use delay pools to throttle bandwidth - this also works fine.

What I want to do is add new delay pools which will be applied based on
a proxy_auth acl. I have tried setting this up - but no matter what
variations I try the acl doesn't seem to be matching up with the users
selected.

Here is the appropriate parts of squid.conf... The non-proxy auth acls
work fine.

acl abc_net src 10.0.0.0/255.255.0.0
acl bypass_delay proxy_auth -i "/usr/local/squid/etc/bypass_delay"
acl delayed_users proxy_auth -i "/usr/local/squid/etc/delay_users"
acl delayed_files urlpath_regex -i \.exe$ \.zip$ \.msi$ \.pdf$ \.ace$
\.?[0-9][0-9]$ \.swf$ \.gz$
acl delayed_webcam1 urlpath_regex -i webcam
acl delayed_webcam2 urlpath_regex -i \.gif \.png \.swf \.jpg \.jpeg

delay_pools 5
delay_class 1 3
delay_class 2 1
delay_class 3 3
delay_class 4 3
delay_class 5 3

delay_access 1 allow delayed_users
delay_access 1 deny all
delay_access 2 allow bypass_delay
delay_access 2 deny all
delay_access 3 allow delayed_webcam1 delayed_webcam2
delay_access 3 deny all
delay_access 4 allow delayed_files
delay_access 4 deny all
delay_access 5 allow abc_net
delay_access 5 deny all

delay_parameters 1 2000/2000 2000/2000 2000/2000
delay_parameters 2 -1/-1
delay_parameters 3 8000/8000 8000/8000 2000/2000
delay_parameters 4 25000/100000 25000/100000 8000/16000
delay_parameters 5 25000/100000 25000/100000 16000/16000

Given the domain name is ABC.. I have tried all of the following in the
files defined...

ABC\username
ABC\\username
username
username$

None of which work. I have tried changing the acls so they look like...

acl bypass_delay proxy_auth -i ABC\\username username username$
acl delayed_users proxy_auth -i ABC\\username2 username2 username2$

This doesn't work either.

In all cases it is delay pool 5 which is applied.

Any ideas on what I could do to get to my intended outcome?

Regards,
Ken.
Received on Tue Nov 25 2003 - 19:13:28 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:36 MST