problem with SQUID
Hi, I use suse 7.3 Internal network connect to internet by setting port 3128 in IE but when i set in squid.conf for authenticate_program that get windows login for users, IE don't get any windows and Internal network (clients) connect to internet normally without login I set these options in squid.conf: authenticate_program /usr/sbin/pam_auth acl password proxy_auth payam acl users src 192.168.1.0/255.255.252.0 http_access allow users http_access allow password Is here any problem with this configuration that IE can't get windows login when want to browsing? Thanks for your help, Payam __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
AFAIK squid doesn't support authentication programs when running in transparent proxy mode. Are you running squid as a transparent proxy? On Thu, 2003-01-16 at 14:43, payam payami wrote:
Hi, I use suse 7.3 Internal network connect to internet by setting port 3128 in IE but when i set in squid.conf for authenticate_program that get windows login for users, IE don't get any windows and Internal network (clients) connect to internet normally without login I set these options in squid.conf:
authenticate_program /usr/sbin/pam_auth acl password proxy_auth payam acl users src 192.168.1.0/255.255.252.0 http_access allow users http_access allow password
Is here any problem with this configuration that IE can't get windows login when want to browsing?
Thanks for your help, Payam
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com --
( Raymond Leach )
) Knowledge Factory (
( )
) Tel: +27 11 445 8100 (
( Fax: +27 11 445 8101 )
) (
( http://www.knowledgefactory.co.za/ )
) http://www.saptg.co.za/ (
o o o o .--. .--. | o_o| |o_o | | \_:| |:_/ | / / \\ // \ \ ( | |) (| | ) /`\_ _/'\ /'\_ _/`\ \___)=(___/ \___)=(___/
I use suse 7.3 Internal network connect to internet by setting port 3128 in IE but when i set in squid.conf for authenticate_program that get windows login for users, IE don't get any windows and Internal network (clients) connect to internet normally without login I set these options in squid.conf:
authenticate_program /usr/sbin/pam_auth acl password proxy_auth payam acl users src 192.168.1.0/255.255.252.0 http_access allow users http_access allow password I'm not sure, if I fully understood your problem, but I guess you want proxy authentication for your clients in the internal network:
acl users src 192.168.1.0/255.255.252.0 http_access allow users These 2 lines grants all your users form the given network access to squid. They don't need to authenticate.
authenticate_program /usr/sbin/pam_auth acl password proxy_auth payam http_access allow password The user payam can authenticate by pam_auth.
Very important is to append the last line: http_access deny all Bernhard
All, I have been looking around the net for about an hour or so for a way to bypass Squid based on URL. For example if a user goes to www.abc.com it goes through squid and it gets cached as normal, however if a user goes to www.xyz.com, it doesn't get cached. It there an ACL to do this, or is there a magical switch? Thanks :-) ============================================ Drew J. Como Phone: 631-434-6600 Systems Administrator Fax: 631-434-7800 dcomo@bascom.com Web: www.bascom.com Bascom Global Internet Services, Inc. -------------------------------------------- "When quality is the goal, winning is guaranteed."
On Wednesday 02 April 2003 00:17, Drew J. Como wrote:
All,
I have been looking around the net for about an hour or so for a way to bypass Squid based on URL. For example if a user goes to www.abc.com it goes through squid and it gets cached as normal, however if a user goes to www.xyz.com, it doesn't get cached.
It there an ACL to do this, or is there a magical switch? from /etc/squid.conf (squid23-2.3.STABLE4-57): # TAG: no_cache # A list of ACL elements which, if matched, cause the reply to # immediately removed from the cache. In other words, use this # to force certain objects to never be cached. # # You must use the word 'DENY' to indicate the ACL names which should # NOT be cached. # # There is no default. We recommend you uncomment the following # two lines. # acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY #acl NVCAB urlpath_regex [-i] nvapplet\.cab #no_cache deny NVCAB
But the requests get serviced by squid in this case, too. If you want to bypass squid and access the website directly, you would have to configure your browser accordingly. Andreas Baetz
On Tuesday 01 April 2003 23:17, Drew J. Como wrote:
All,
I have been looking around the net for about an hour or so for a way to bypass Squid based on URL. For example if a user goes to www.abc.com it goes through squid and it gets cached as normal, however if a user goes to www.xyz.com, it doesn't get cached.
It there an ACL to do this, or is there a magical switch?
Take a look at the no_proxy variables. If it's a problem that a site isn't handled correctly when cached by squid, you can special case it in the squid config. Rob
Hi Payam, please change your squid.conf in this way: --------------------------------- acl password proxy_auth REQUIRED acl users src 192.168.1.0/255.255.252.0 # http_access allow users /* first match wins */ http_access allow password --------------------------------- kind regards Michael Huppert ---------------------------------- ORBIS communications GmbH Goethestrassee 3-5 66121 Saarbruecken E-Mail: m.huppert@orbis-communications.de Fon: 0681 / 9 67 27 60 Fax: 0681 / 9 67 27 69 Date: 16-Jan-03 Time: 14:13:37 ---------------------------------- On 16-Jan-03 payam payami wrote:
Hi, I use suse 7.3 Internal network connect to internet by setting port 3128 in IE but when i set in squid.conf for authenticate_program that get windows login for users, IE don't get any windows and Internal network (clients) connect to internet normally without login I set these options in squid.conf:
authenticate_program /usr/sbin/pam_auth acl password proxy_auth payam acl users src 192.168.1.0/255.255.252.0 http_access allow users http_access allow password
Is here any problem with this configuration that IE can't get windows login when want to browsing?
Thanks for your help, Payam
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
kind regards Michael Huppert Dipl. - Phys. ---------------------------------- ORBIS communications GmbH Goethestrassee 3-5 66121 Saarbruecken E-Mail: m.huppert@orbis-communications.de Fon: 0681 / 9 67 27 60 Fax: 0681 / 9 67 27 69 Date: 16-Jan-03 Time: 14:13:37 ----------------------------------
participants (7)
-
Andreas Baetz -
Bernhard Held -
Drew J. Como -
Michael Huppert -
payam payami -
Raymond Leach -
Robert Davies