Re: Squid for windows authentication against Active Directory

On 25/05/11 18:39, Julian Zoellner wrote:
> hello all,
>
> in the last days I tried to set up the Squid for Windows 2.7.STABLE7 with authentication against an Active Directory group "Internet". For this I used the following HowTo:
> http://www.papercut.com/kb/Main/InstallingAndConfiguringSquidNTProxy


Please use 2.7.STABLE9 at the very least. 2.7 as a whole is aging and deprecated; we support 2.7.STABLE9 only until all its useful features are ported to the 3.x series.


> So my squid.conf looks like this:
>
> http_port 3128
> external_acl_type win_domain_group ttl=120 %LOGIN c:/squid/libexec/mswin_check_ad_group.exe -d -G
> acl Inet external win_domain_group MY-DOMAIN/Groups/Internet
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localnet src 10.0.0.0/13
> acl SSL_ports port 443 563 10000
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl CONNECT method CONNECT
>
> http_access allow manager localnet
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow Inet
>
> http_access deny all
> never_direct allow all
> icp_access allow all
>
>
> After starting up the squid service I get the following reply from my helper:
> /mswin_check_ad_group.exe[3692]: Member of Domain MY-DOMAIN
> /mswin_check_ad_group.exe[3692]: Into forest MY.DOMAIN
> /mswin_check_ad_group.exe[3692]: External ACL win32 group helper build Mar 13 2010, 14:16:45 starting up...
> /mswin_check_ad_group.exe[3692]: Domain Global group mode enabled using 'MY-DOMAIN' as default domain.
>
> The last entry in my cache.log is:
> 2011/05/25 08:03:13| storeLateRelease: released 0 objects
>
> When I try to connect I always get the "Cache Access Denied" error page.
>
> Can someone please help me set this up?

Firstly, remove the never_direct line.

Then follow the instructions in that tutorial about how to set up authentication...

    auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
    auth_param ntlm children 5

    acl loggedIn proxy_auth REQUIRED
    http_access deny !loggedIn


The part you followed begins "The next step is "... which is a clear indication that it depends on the earlier parts which were skipped.

NP: the bits they have in that config about "localnet" are broken and have never worked as described.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.7 and 3.1.12.1
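
Added example, not part of the original message: the poster's squid.conf with the two changes from the reply applied (never_direct removed, NTLM authentication configured ahead of the group check). All paths and names come from the thread; the position of the `deny !loggedIn` rule relative to the other http_access lines is an assumption.

```conf
# Added example: squid.conf from the thread with the reply's changes applied.
http_port 3128

# 1. Authentication scheme: without an auth_param, Squid has no way to
#    obtain the user name that %LOGIN passes to the group helper.
auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
auth_param ntlm children 5

# 2. Group lookup helper, fed the authenticated user name via %LOGIN.
external_acl_type win_domain_group ttl=120 %LOGIN c:/squid/libexec/mswin_check_ad_group.exe -d -G

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localnet src 10.0.0.0/13
acl SSL_ports port 443 563 10000
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl CONNECT method CONNECT
acl loggedIn proxy_auth REQUIRED
acl Inet external win_domain_group MY-DOMAIN/Groups/Internet

http_access allow manager localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# 3. Placement assumed: require credentials before the group check.
http_access deny !loggedIn
http_access allow Inet
http_access deny all

# never_direct allow all   <- removed as advised in the reply
icp_access allow all
```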

