Search squid archive

Re: Squid 3.4.8 helpers doesn't work how I want !

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
Logs from AD, man.


25.04.16 20:33, Hack Ensolo пишет:
> Hi,
> I try to authenticate a user in AD (windows server 2008 R2).
> When he is in a group Webusers he must authenticated and when I remove the user of this group, he must not authenticated.
> And this process doesn't work because he is always authticated.
>
> Sorry for my english.
>
> I post the squid configuration...
> I don't post the logs because I 'm not errors.
>
> cache_mgr service.informatique@ <mailto:service.informatique@xxxxxx>example.com <http://example.com>
>
> ### Negotiate kerberos authentification
> auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s HTTP/rex.example.com@xxxxxxxxxxx <mailto:rex.example.com@xxxxxxxxxxx>
> auth_param negotiate children 20 startup=0 idle=1
> auth_param negotiate keep_alive off
>
> ### ldap authorisation
> external_acl_type kerbgroup ttl=60 children-max=15 children-startup=10 ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R -K -b ou=students,dc=server,dc=example,dc=com -D squid@xxxxxxxxxxx <mailto:squid@xxxxxxxxxxx> -W /etc/squid3/ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=students,dc=server,dc=example,dc=com))" -h dc1.server.example.com <http://dc1.server.example.com>
>
> ### acl for proxy auth and ldap authorizations
> acl auth proxy_auth REQUIRED
> acl kerbusers external kerbgroup webusers
>
> ### squid defaults
> acl localnet src 172.17.0.0/16 <http://172.17.0.0/16>
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
>
> ### http_access rules
> http_access allow manager localhost
> http_access allow auth
> http_access deny !auth
> http_access allow kerbusers
> http_access allow localnet
> http_access deny manager
> http_access deny all
>
> ### logging
> access_log stdio:/var/log/squid3/access.log
> cache_store_log stdio:/var/log/squid3/store.log
>
> ### squid Debian defaults
> http_port 3128
> cache_effective_user proxy
> cache_effective_group proxy
> cache_dir ufs /cache1 20000 16 256
> cache_dir ufs /cache2 20000 16 256
> coredump_dir /var/spool/squid3
>
> ### default squid rules
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       20%     4320
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJXHiwmAAoJENNXIZxhPexGErgIAMHORuxEGPdj5UKhoKAa3dDK
jp9wcb0vrgH0F2YT+vM5AdlgPqG97/7UlB/jrfbmrMOwXcz0e1mdxDlRo9vJbeJA
eC9k9u7AxqTTBCeOTMdIW11CGF8Fh8gVr5lhO6ue7YIfAzr1CzrhlWhBNxqNKxD+
LvzkSGNXdn6JCaNRTLYcSJJGKYj7pGjS/RClEnoi2LADpO66N3k4dOFYgrASRKU2
J+kn1EOLM/FkKJOUQPrKeUo8fTZ/v04ysxdI5UWqqdFj7hE1ISBJT5XzKQmQ/U0P
qmI6Y8ypL8IClEvbevi6xIacVezVJols+Cj3tS35fAxJVjiY3q4VfhkMAHRopLo=
=kg1R
-----END PGP SIGNATURE-----

Attachment: 0x613DEC46.asc
Description: application/pgp-keys

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux