Len Taylor wrote:
Hi, I am trying to set up Squid on an XP computer in a Windows Server 2003
domain, but I am having problems with authentication: it just asks for your
username and password 3 times and then says Cache Access Denied.
This is the first time I have used Squid, so I don't know if I have set it up
right.
auth_param basic program /squid/libexec/squid_ldap_auth.exe -v 3 -b
ou="My main OU",dc=domain,dc=internal,dc=net -D cn=administrator,ou=" My
main OU ",dc=doman,dc=internal,dc=net -w "password" -f sAMAccountName=%s
-h 10.34.44.3
is the line I used.
domain.internal.net is the domain name.
The reason I need the authentication is so I can log who is doing what.
Any help would be very welcome.
Thank you for your time
Len Taylor
# Squid port is 3128; change it if you like
http_port 3128
#LDAP
auth_param basic program /squid/libexec/squid_ldap_auth.exe -v 3 -b
ou="interjigsaw",dc=davenantsch,dc=internal,dc=net -D
cn=administrator,ou="interjigsaw",dc=davenantsch,dc=internal,dc=net -w
"paperclip" -f sAMAccountName=%s -h 10.35.123.3
auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 1 minute
# Recommended minimum configuration:
#acl all src 0.0.0.0/0.0.0.0
#acl localnet src 10.35.123.0/22
#acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl localnet proxy_auth REQUIRED src 10.35.123.0/22
Mixing these ACL types is not good:
'proxy_auth' is a "list of valid usernames. use REQUIRED to accept any
valid username."
'src' is a list of IP addresses.
"localnet" is special terminology in networking. Often used in
documentation and configurations to represent the local network IP range(s).
It's better to do this:
acl authUsers proxy_auth REQUIRED
acl localnet src 10.35.123.0/22
....
http_access allow localnet authUsers
I suspect maybe the auth is trying to test that the username is one of:
"src" or "10.35.123.0/22"
acl localhost src 10.0.0.1/255.255.255.255
"localhost" is also special terminology in networking. It means the
loop-back address: 127.0.0.1/32 or ::1/128
You should have it as:
acl localhost src 127.0.0.1/32
http_access allow localnet
http_access allow localhost
http_access deny all
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
Current Beta Squid 3.1.0.7
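
Added example, not part of the original thread and not Squid project code: a small linter for the two ACL mistakes the reply points out (an ACL type keyword mixed into another ACL's value list, and a "localhost" ACL that is not a loop-back address), which also reports http_access allow rules that name no proxy_auth ACL, since requests allowed that way are not tied to a username. The function name lint_squid_conf and both sample configurations are constructed for illustration.

```python
import ipaddress

# ACL type keywords that should never show up as a value inside another ACL.
ACL_TYPES = {"src", "dst", "dstdomain", "port", "method", "proxy_auth"}

def lint_squid_conf(text):
    """Return (line_number, message) findings for the ACL mistakes in this thread."""
    findings, kinds = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()          # drop comments, tokenize
        if len(tok) >= 3 and tok[0] == "acl":
            name, kind, values = tok[1], tok[2], tok[3:]
            kinds.setdefault(name, kind)
            stray = [v for v in values if v in ACL_TYPES]
            if stray:
                findings.append((n, f"acl {name}: '{stray[0]}' mixed into a {kind} list"))
            elif name == "localhost" and kind == "src":
                for v in values:
                    try:
                        loop = ipaddress.ip_network(v, strict=False).is_loopback
                    except ValueError:
                        loop = False
                    if not loop:
                        findings.append((n, f"acl localhost: {v} is not a loopback address"))
        elif len(tok) >= 3 and tok[:2] == ["http_access", "allow"]:
            acls = [t.lstrip("!") for t in tok[2:]]
            if not any(kinds.get(a) == "proxy_auth" for a in acls):
                findings.append((n, f"http_access allow {' '.join(acls)}: no proxy_auth ACL"))
    return findings

# Constructed samples: the ACL lines as posted, then with the reply's corrections.
POSTED = """\
acl all src 0.0.0.0/0.0.0.0
acl localnet proxy_auth REQUIRED src 10.35.123.0/22
acl localhost src 10.0.0.1/255.255.255.255
http_access allow localnet
http_access allow localhost
http_access deny all
"""
FIXED = """\
acl all src 0.0.0.0/0.0.0.0
acl authUsers proxy_auth REQUIRED
acl localnet src 10.35.123.0/22
acl localhost src 127.0.0.1/32
http_access allow localnet authUsers
http_access deny all
"""
if __name__ == "__main__":
    print(lint_squid_conf(POSTED), lint_squid_conf(FIXED))
```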