Authenticated or not?


Hi guys,

I have a little problem that I can't resolve.

I've configured our squid server to authenticate using Kerberos against a
Windows 2008 R2 native domain...

All the tests I've done seem to show that the authentication is correct... and
then I've modified the squid.conf file to use this type of auth on one of our
servers.

But every time I try to navigate to some permitted URLs, the login window
appears...  and if we try to insert credentials, nothing happens.

The logs for these connections say that the user is authenticated... but still
gets a TCP_DENIED

==> /var/log/squid/cache.log <==
2012/10/25 21:47:57| squid_kerb_auth: DEBUG: Got 'YR YIIG0QYGKw.........DowWOKUFfVkRV' from squid (length: 2335).
2012/10/25 21:47:57| squid_kerb_auth: DEBUG: Decode 'YIIG0QYGKw.........DowWOKUFfVkRV' (decoded length: 1749).

==> /var/log/squid/access.log <==
1351194477.443      8 10.0.10.112 TCP_DENIED/407 6805 GET http://www.google.es/ user1@DOMAIN.LOCAL NONE/- text/html

==> /var/log/squid/cache.log <==
2012/10/25 21:47:57| squid_kerb_auth: DEBUG: AF oYG2MIG...........yNG8nGs6Tuc= user1@DOMAIN.LOCAL
2012/10/25 21:47:57| squid_kerb_auth: INFO: User user1@DOMAIN.LOCAL authenticated

==> /var/log/squid/access.log <==
1351194477.634      0 10.0.10.112 TCP_DENIED/407 6839 GET http://www.google.es/favicon.ico user1@DOMAIN.LOCAL NONE/- text/html



This is the part of our squid.conf file where the authentication methods
and ACLs are defined:

acl websites dstdomain "/etc/squid/allowed_websites"

#------------------------------------------------------------------------------------------------------
auth_param negotiate program /usr/lib64/squid/squid_kerb_auth -i -d -s HTTP/proxy.domain.local
#auth_param negotiate program /usr/lib64/squid/squid_kerb_auth -i -d -s HTTP/proxy.domain.local@DOMAIN.LOCAL
auth_param negotiate children 10
auth_param negotiate keep_alive on

# Fallback to LDAP if Kerberos fails
#auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -b "ou=users,dc=company,dc=lan" -f sAMAccountName=%s -h dc.company.lan -D "cn=squid,ou=users_special,dc=$
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours


acl ad_auth proxy_auth REQUIRE

#external_acl_type SQUID_KERB_LDAP ttl=3600 negative_ttl=3600 %LOGIN /usr/lib64/squid/squid_kerb_ldap -g InternetAccess_ASTEIN_FULL
#acl LDAP_GROUP_CHECK external SQUID_KERB_LDAP
#http_access allow LDAP_GROUP_CHECK
#-------------------------------------------------------


http_access deny XENAPP02 !ad_auth
http_access allow websites XENAPP02 ad_auth

http_access allow LAN !XENAPP02
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all



Any ideas?

Víctor Viudez
victor@xxxxxxxxx
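
Added example, not part of the original post: a Python check for two things visible in the message above, an access.log entry that carries a user name yet is answered with 407, and a proxy_auth ACL value that is close to but not exactly REQUIRED (Squid matches any other value as a literal user name). The sample log and config text are constructed from the lines in the post, and the function names are hypothetical.

```python
import difflib

# Constructed sample input, modelled on the log and config lines in the post.
ACCESS_LOG = """\
1351194477.443      8 10.0.10.112 TCP_DENIED/407 6805 GET http://www.google.es/ user1@DOMAIN.LOCAL NONE/- text/html
1351194478.120      5 10.0.10.113 TCP_DENIED/407 4021 GET http://www.example.com/ - NONE/- text/html
1351194479.310    120 10.0.10.114 TCP_MISS/200 9120 GET http://www.example.com/ user2@DOMAIN.LOCAL DIRECT/192.0.2.10 text/html
"""
SQUID_CONF = """\
acl websites dstdomain "/etc/squid/allowed_websites"
acl ad_auth proxy_auth REQUIRE
#acl LDAP_GROUP_CHECK external SQUID_KERB_LDAP
"""


def denied_after_auth(log_text):
    """Return (client, user, url) for 407 responses that already carry a user name."""
    hits = []
    for line in log_text.splitlines():
        f = line.split()
        # Native access.log: time elapsed client code/status bytes method URL user hier type
        if len(f) < 10:
            continue
        client, result, url, user = f[2], f[3], f[6], f[7]
        if result.endswith("/407") and user != "-":
            hits.append((client, user, url))
    return hits


def suspicious_proxy_auth(conf_text):
    """Return (acl_name, token) where a proxy_auth value looks like a misspelt REQUIRED."""
    findings = []
    for line in conf_text.splitlines():
        f = line.split("#", 1)[0].split()  # drop comments, then tokenise
        if len(f) < 4 or f[0] != "acl" or f[2] != "proxy_auth":
            continue
        for token in f[3:]:
            if token.startswith("-") or token == "REQUIRED":
                continue
            # Any value other than REQUIRED is compared against the login name.
            if difflib.SequenceMatcher(None, token.upper(), "REQUIRED").ratio() >= 0.8:
                findings.append((f[1], token))
    return findings


if __name__ == "__main__":
    for hit in denied_after_auth(ACCESS_LOG):
        print("authenticated but re-challenged:", *hit)
    for name, token in suspicious_proxy_auth(SQUID_CONF):
        print(f"acl {name}: '{token}' is matched as a user name, not as REQUIRED")
```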
