Search squid archive

problem with acl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi everyone,
I'm using squid 2.6 with samba authentication. My problem is the
following. When I use a blank login and an existing (or existed) login
as password on browsers, access is granted although it should not. For
example, i had a user "utilisateur" (samba and system accounts) which
worked (it can go on internet) I deleted both system and samba account.
When i use no login and "utilisateur" for password (on firefox for
example), it still works ! Or if i use toto (which is supposed to be a
valid samba account) as password, it works too.

Here is part of my squid.conf. I'm quite sure it's not a smb_auth
program bug because it works in command line (give an error when only
got a password) and i modified the sh script used by it to know when it
is called by squid process (it is not when no login is given).

*** squid.conf ***
auth_param basic program /usr/lib/squid/smb_auth -U 127.0.0.1 -W MYDOMAIN
auth_param basic realm "Entrez votre login et votre mot de passe"
acl Users proxy_auth REQUIRED
acl e2c         src a.b.c.d/255.255.254.0
acl austrasie   src a.b.c.d/255.255.254.0
acl laxou       src a.b.c.d/255.255.254.0
acl longlaville src a.b.c.d/255.255.254.0
acl luneville   src a.b.c.d/255.255.254.0
acl nancy       src a.b.c.d/255.255.254.0
acl all         src 0.0.0.0/0.0.0.0
acl working_hours time MTWHF 08:00-20:00
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 21
acl Safe_ports port 20
acl Safe_ports port 1025-65535
http_access allow manager localhost
http_access allow purge localhost
http_access allow localhost
http_access deny !working_hours
http_access deny !Safe_ports
http_access deny CONNECT !Safe_ports
http_access deny manager
http_access deny purge
http_access allow Users
http_access allow nancy Users
http_access allow austrasie Users
http_access allow laxou Users
http_access allow longlaville Users
http_access allow luneville Users
http_access deny all
http_reply_access allow all
icp_access allow all
*** end squid.conf ***

My aim is to allow only  'real' authenticated user from my different
subnets, but i don't find out what my mistake is. Thanks for your help.

-- 
Johann Pavis
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux