Logs from AD, man.

25.04.16 20:33, Hack Ensolo wrote:
> Hi,
> I try to authenticate a user in AD (Windows Server 2008 R2).
> When he is in the group Webusers he must be authenticated, and when I remove the user from this group, he must not be authenticated.
> And this process doesn't work because he is always authenticated.
>
> Sorry for my English.
>
> I post the squid configuration...
> I don't post the logs because I have no errors.
>
> cache_mgr service.informatique@example.com
>
> ### Negotiate kerberos authentification
> auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s HTTP/rex.example.com@xxxxxxxxxxx
> auth_param negotiate children 20 startup=0 idle=1
> auth_param negotiate keep_alive off
>
> ### ldap authorisation
> external_acl_type kerbgroup ttl=60 children-max=15 children-startup=10 ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R -K -b ou=students,dc=server,dc=example,dc=com -D squid@xxxxxxxxxxx -W /etc/squid3/ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=students,dc=server,dc=example,dc=com))" -h dc1.server.example.com
>
> ### acl for proxy auth and ldap authorizations
> acl auth proxy_auth REQUIRED
> acl kerbusers external kerbgroup webusers
>
> ### squid defaults
> acl localnet src 172.17.0.0/16
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
>
> ### http_access rules
> http_access allow manager localhost
> http_access allow auth
> http_access deny !auth
> http_access allow kerbusers
> http_access allow localnet
> http_access deny manager
> http_access deny all
>
> ### logging
> access_log stdio:/var/log/squid3/access.log
> cache_store_log stdio:/var/log/squid3/store.log
>
> ### squid Debian defaults
> http_port 3128
> cache_effective_user proxy
> cache_effective_group proxy
> cache_dir ufs /cache1 20000 16 256
> cache_dir ufs /cache2 20000 16 256
> coredump_dir /var/spool/squid3
>
> ### default squid rules
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
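Added example, not part of the original thread and not Squid's own code: a simplified Python model of how Squid evaluates the quoted http_access lines (top to bottom, first matching line decides), showing which line admits a user who has been removed from the group. The REORDERED list, the request facts and the function names are assumptions made for illustration, and Kerberos authentication is assumed to have already succeeded.

```python
# Added example: simplified model of Squid http_access evaluation.
# Lines are checked top to bottom, all ACLs on a line must match (AND),
# and the first matching line decides the request.
POSTED = """
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow manager localhost
http_access allow auth
http_access deny !auth
http_access allow kerbusers
http_access allow localnet
http_access deny manager
http_access deny all
"""
# Hypothetical reordering (an assumption, not from the thread): the posted
# list without "allow auth" and "allow localnet", so the group check decides.
REORDERED = """
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow manager localhost
http_access deny !auth
http_access allow kerbusers
http_access deny manager
http_access deny all
"""

def parse(conf):
    return [(l.split()[1], l.split()[2:], l) for l in conf.strip().splitlines()]

def decide(conf, facts):
    """Return (action, deciding_line); facts maps ACL name -> matched or not."""
    facts = dict(facts, all=True)
    for action, acls, line in parse(conf):
        if all(facts.get(a.lstrip("!"), False) != a.startswith("!") for a in acls):
            return action, line
    return "deny", "(no line matched)"  # modelling choice; unreachable with "deny all"

# Constructed requests: an authenticated GET to port 80 from 172.17.0.0/16.
REMOVED = dict(Safe_ports=True, localnet=True, auth=True, kerbusers=False)
MEMBER = dict(REMOVED, kerbusers=True)

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("reordered", REORDERED)):
        for who, facts in (("member", MEMBER), ("removed", REMOVED)):
            print(name, who, *decide(conf, facts), sep=" | ")
```

The quoted `ttl=60` on `external_acl_type` means a group lookup result can be reused for up to 60 seconds, so a membership change may not show immediately even when the group line is the one that decides.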