Search squid archive

ext_user ACL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

I'm trying to use ext_user type of ACL but for some reason it isn't
matching. Look at my cache.log message with debug_options set up:

 ACL::ChecklistMatches: result for 'restrictedDomains' is 1
2012/02/08 16:24:40.553| ACLList::matches: result is true
2012/02/08 16:24:40.553| ACLList::matches: checking restrictUsers
2012/02/08 16:24:40.553| ACL::checklistMatches: checking 'restrictUsers'
2012/02/08 16:24:40.553| ACL::ChecklistMatches: result for 'restrictUsers' is -1
2012/02/08 16:24:40.553| ACLList::matches: result is false
2012/02/08 16:24:40.553| aclmatchAclList: 0x7f491617bab8 returning
false (AND list entry failed to match)

I using this because I need to group autheticated users in order to
create ACLs to restrict this groups. I've used proxy_auth instead of
ext_user and worked out but I don't know if this is apropriate in
terms of performance, isn't it? Here is my squid.conf:

# KERBEROS - Integracao completa com AD
auth_param negotiate program
/etc/squid/squid-3.1.16/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth
 -s HTTP/trotsky.redecamara.camara.gov.br
auth_param negotiate children 10
auth_param negotiate keep_alive on

# ACLs externas para buscar grupo baseado em Kerberos.
external_acl_type squid_kerb_ldap  ttl=3600 negative_ttl=3600 %LOGIN
/etc/squid/squid-3.1.16/squid_kerb_ldap/squid_kerb_ldap   -S
californio.redecamara.camara.gov.br  -g
Internet@xxxxxxxxxxxxxxxxxxxxxxxx
##################
visible_hostname trotsky.redecamara.camara.gov.br
dns_nameservers  127.0.0.1
append_domain  .camara.gov.br
hierarchy_stoplist cgi-bin ?
# Recommended minimum configuration:
#
acl AUTENTICADO proxy_auth REQUIRED
acl ldap_group_check external squid_kerb_ldap
acl Maquinas_Portaria src  "/etc/squid/Maquinas_Portaria.txt"
acl Horario_Portaria time MTWHF 7:00-20:00
http_access deny Maquinas_Portaria Horario_Portaria
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
http_access allow localhost
acl Horario_youtube time TWH 9:00-20:00
acl bloqueio-youtube dstdomain www.youtube.com
http_access deny bloqueio-youtube Horario_youtube
acl restrictUsers  ext_user P_7501@xxxxxxxxxxxxxxxxxxxxxxxx
acl restrictedDomains url_regex -i "/etc/squid/InstantMessenger"
http_access deny restrictedDomains restrictUsers
http_access allow ldap_group_check
http_access deny all

I hope someone can help me!

regards,

Wladner
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux