On Mon 2007-04-30 at 15:28 +0200, Ian wrote:

> Please excuse my ignorance on this one, but I can't seem to get this
> working correctly. What I'm trying to do is run an LDAP authenticator
> for anyone that isn't part of the local network (i.e. remote cache from
> home or something).

ok

> I am also transparently redirecting all traffic
> inbound on an interface to the cache.

Ok, except that you can't use authentication for users transparently intercepted without browser proxy settings.

> Okay. So the first problem is in cache.log I have the following:
> 2007/04/30 13:16:40| strtokFile: /usr/cache/lists/allowip.list not found
> 2007/04/30 13:16:40| aclParseAclLine: WARNING: empty ACL: acl ALLOWIP
> src "/usr/cache/lists/allowip.list"
>
> Now that file exists fine:
> [root@my] ~ # ls -l /usr/cache/lists/allowip.list
> -rwxrwxrwx 1 root www 44 Apr 30 12:57 /usr/cache/lists/allowip.list
> [root@my] ~ #

Also check the permissions on the directory.

> Then the second problem is that for the LDAP auth I am getting this in
> the cache.log when someone is transparently redirected and their IP
> isn't in the ACL:
>
> aclAuthenticated: authentication not applicable on transparently
> intercepted requests.

Correct.

> Now, I have done transparent auth using LDAP before and it's only since
> I upgraded to 2.6 from 2.5 that this started.

Has never worked. In some versions Squid has not complained, but you then

a) Hijack the web server's possibility to ask for login, making it impossible for users to log in to the web server.

b) Leak out your users' login details.

> The transparent cache works fine if I don't have any authenticators
> running or if I point to it. I am running squid 2.6 Stable 10. The
> authenticators work fine if I point to the cache so it's just the
> combination of the two that's causing the problem.

You can't combine proxy authentication and transparent interception for the same user.

Protocol security limitation where the browser is required to be aware it's speaking to a proxy to perform proxy authentication, not a limitation of Squid.

Regards
Henrik
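One way to lay out squid.conf so that proxy authentication is never evaluated for an intercepted request, added here as an example and not taken from the original message or from the Squid project. The port numbers, helper path, LDAP host, base DN and realm are assumed placeholders; the ALLOWIP list path is the one from the quoted log.

```conf
# Explicit proxy port: browsers configured with proxy settings connect here,
# so they know they are talking to a proxy and can answer a 407 challenge.
http_port 3128

# Interception port: the firewall redirects port-80 traffic from the local
# interface here (Squid 2.6 syntax). Browsers on this path are unaware of
# the proxy, so no authentication ACL may be tested for them.
http_port 3129 transparent

# LDAP basic authenticator (helper path, host and base DN are placeholders).
auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -b "dc=example,dc=com" -f "uid=%s" -h ldap.example.com
auth_param basic children 5
auth_param basic realm Remote cache access
auth_param basic credentialsttl 2 hours

# Local addresses, one per line. The user Squid runs as needs read access to
# the file and search (x) permission on every directory leading to it.
acl ALLOWIP src "/usr/cache/lists/allowip.list"

acl all src 0.0.0.0/0.0.0.0
acl intercepted myport 3129
acl ldapusers proxy_auth REQUIRED

# Order matters: http_access stops at the first matching line.
# 1. Local network is allowed by address on either port, no login.
http_access allow ALLOWIP
# 2. Anything else arriving on the interception port is refused before
#    the proxy_auth ACL is reached, which avoids the aclAuthenticated
#    warning and never sends a proxy challenge to an unaware browser.
http_access deny intercepted
# 3. Remote users on the explicit port must authenticate against LDAP.
http_access allow ldapusers
http_access deny all
```

After editing, `squid -k parse` checks the file for syntax errors and `squid -k reconfigure` reloads it.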