Excuse me, To resume, I managed to create a LDAP authentification. Now I want to create an exception for 2 IP addresses. I want those two IP addresses to be allowed access without authentication. visible_hostname proxy_dsi http_port 8080 auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b "XXXXX" -D "CN=XXXi,OU=XXXX,OU=XXXX,OU=XXX,DC=XXX,DC=XXXX,DC=XXX" -w "SQUID42" -f sAMAccountName=%s -h 192.168.1.11 auth_param basic children 30 auth_param basic realm Merci de saisir vos identifiants AD6 auth_param basic credentialsttl 1 hours external_acl_type ldap_group %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R -b "DC=R06,DC=AN,DC=CNAV" -D "CN=proxydsi,OU=InfraReseaux,OU=_ComptesTechniques,OU=_UtilisateursSpecifiques,OU=_Administration,OU=_06-Lyon,DC=R06,DC=AN,DC=CNAV" -w "5quid4DSI@" -f "(&(objectclass=person) (sAMAccountname=%v)(memberof=CN=r06_gl_ProxyDSI,OU=InfraReseaux,OU=DSI,OU=_AccesApplications,OU=_RessourcesRegionales,OU=_Groupes,OU=_Administration,OU=_06-Lyon,DC=R06,DC=AN,DC=CNAV))" -h 192.168.1.11 ldap_group Le_Nom_Du_Groupe_A_chercher acl AD_USER external ldap_group r06_gl_ProxyDSI acl ldap-auth proxy_auth REQUIRED acl ldap-group external ldap_group PROXY_ALLOWED http_access deny !ldap-group http_access deny !ldap-auth http_access allow all acl VLan_etage src 192.168.1.0/24 acl SSL_ports port 443 acl ports_ouverts port 80 acl ports_ouverts port 443 acl ports_ouverts port 21 acl ports_ouverts port 25 acl ports_ouverts port 110 acl ports_ouverts port 143 acl ports_ouverts port 5074 acl ports_ouverts port 7016 acl ports_ouverts port 8010 acl CONNECT method CONNECT hierarchy_stoplist cgi-bin ? coredump_dir /var/spool/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 redirect_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf redirect_children 50 icap_enable on icap_send_client_ip on icap_send_client_username on icap_client_username_header X-Authenticated-User icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_req allow all icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav adaptation_access service_resp allow all cache_mem 1333 MB minimum_object_size 3 KB maximum_object_size 2000 MB cache_access_log /var/log/squid3/access.log cache_log /var/log/squid3/cache.log cache_store_log /var/log/squid3/store.log forwarded_for off Regards 2016-02-26 10:21 GMT+01:00 Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx>: > Please also always reply to the list and never to individuals, unless > expressly asked to :) > > Antony. > > ---------- Forwarded Message Starts ---------- > > Subject: Re: Authentification LDAP Exception for IP adresse > Date: Friday 26 February 2016 10:17:18 > From: Jérôme Seuniac <jseuniac@xxxxxxxxx> > To: Antony Stone <Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx>> > > Hi Antony, > > Sorry for my squid.conf, want those two IP addresses to be > allowed access without authentication. > > Regards > > 2016-02-26 10:12 GMT+01:00 Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx>: >> On Friday 26 February 2016 at 10:07:12, Jérôme Seuniac wrote: >> >>> Hi, >>> >>> >>> I’m Jerome and I m a novice with squid. >> >> Welcome to the list. >> >>> With the documentation and the FAQ, I managed to create a LDAP >>> authentification. >>> >>> Now I want to create an exception for 2 IP addresses. >> >> What do you mean by "exception"? Do you want those two IP addresses to be >> allowed access without authentication, or do you want to block those two IP >> address from being able to authenticate? >> >>> This is my squid.conf : >> >> Please note in future that we prefer squid.conf to be sent without comments >> and without blank lines - it makes it much easier to read. >> >> >> Regards, >> >> >> Antony. > > -- > I have an excellent memory. > I can't think of a single thing I've forgotten. > > Please reply to the list; > please *don't* CC me. > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -- Cordialement, Seuniac Jérôme. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
