Search squid archive

Re: squid 3.2.11 in opensuse 12.3 and enabling some "vip" for radius auth.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

  Hi,
  thanks for help, it works :) :

auth_param basic children 5
auth_param basic realm Autorized access
auth_param basic credentialsttl 5 minute
auth_param basic casesensitive on

acl vip src "/etc/squid/vip_bypass_auth.txt"
acl http proto http
acl auth proxy_auth REQUIRED
http_access allow http Safe_ports vip
http_access allow CONNECT SSL_ports vip
http_access allow auth
http_access deny all

  Best regards
  J.Karliak

Cituji Brendan Kearney <bpk678@xxxxxxxxx>:


there is an entire wiki article to this exact topic.
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Bypass

every matching http_access line before the required auth is
unauthenticated.  the http_access line requiring auth and all matching
http_access lines after it are authenticated.

On Tue, 2013-06-04 at 13:06 +0200, Josef Karliak wrote:

   Hi,
   I wanna let some IPs bypass radius authorization, like a server IP.
Another users and theirs computers must authorized. So I've this in
the squid.conf:

auth_param basic program /usr/bin/basic_radius_auth -f /etc/radius_config
auth_param basic children 5
auth_param basic realm Authorized access
auth_param basic credentialsttl 5 minute
auth_param basic casesensitive on

acl auth proxy_auth REQUIRED

http_access allow auth
http_access deny all

I thought that I'll have vip IPs in some file and tell squid that this
source IP's will have an access to the internet free without
authorization:

auth_param basic program /usr/bin/basic_radius_auth -f /etc/radius_config
auth_param basic children 5
auth_param basic realm Authorized access
auth_param basic credentialsttl 5 minute
auth_param basic casesensitive on

acl auth proxy_auth REQUIRED
acl vip src "/etc/squid/vip_bypass_auth.txt"

http_access allow auth
http_access allow vip
http_access deny all
File "/etc/squid/vip_bypass_auth.txt" contains IP 192.168.4.51 - my testing PC 

But an internet browser in the testing PC asks for login and password,
after escaping it the "access to squid is denied"  :-/

What did I missed ?

Thanks for kicks to the right way and best regards
J.Karliak.









--
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu,
zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and check. If you've problem with sending emails to me, start
using email origin methods mentioned above. Thank you.

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux