On 5/10/2016 7:00 a.m., Nilesh Gavali wrote:
> Hi Amos;
> Ok, we can discuss the issue in two parts: 1. For Windows AD
> Authentication & SSO and 2. Linux server unable to access via squid proxy.
>
> For First point-
> Requirement to have SSO for accessing internet via squid proxy and based
> on user's AD group membership allow access to specific sites only. I
> believe current configuration of squid is working as expected.
>
> For Second point -
> Point I would like to highlight here is, the Linux server IWCCP01 is not
> part of domain at all. Hence the below error as squid configured for
> AD_auth. So how can we allow Linux server or non domain machine to access
> specific sites?
>
>> Error 407 is "proxy auth required", so the proxy is expecting authentication
>> for some reason.
> ====================================
>
>> Can you confirm that the hostname vseries-test.bottomline.com is contained in
>> your site file /etc/squid/sitelist/dbs_allowed_site ?
>
> YES, we have entry as .bottomline.com , which works fine when accessed via
> windows machine having proxy enabled for that user.
> ==============================
>> Can you temporarily change the line "http_access allow IWCCP01 allowedsite" to
>> "http_access allow IWCCP01" and see whether the machine then gets access?
>
> I made the changes as suggested but still it is giving same Error 407.

Meaning that is the ACL which is broken.

> ========================================
> If that works, please list the output of the command:
> grep "bottomline.com" /etc/squid/sitelist/dbs_allowed_site
>
> o/p of above command as below -
>
> [root@Proxy02 ~]# grep "bottomline.com" /etc/squid/sitelist/dbs_allowed_site
> .bottomline.com
> [root@Proxy02 ~]#

Okay great. Your allowedsite has a correct entry to match the test request.

Since IWCCP01 contains exactly one IP address for the server

> acl IWCCP01 src 10.xx.15.103

it means your server is not using that IP address when it contacts Squid.

BUT that IP is what gets logged as the client/src IP.

> 1475518342.279 0 10.xx.15.103 TCP_DENIED/407 3589 CONNECT vseries-test.bottomline.com:443 - NONE/- text/html

Strange. Unless:
* those 'xx' are different numbers, or
* the line was logged by another Squid process (with different config), or
* the config file you think is being used actually is not.

I notice that this config tells your Squid to listen on port 8080 and pass all its traffic through a peer at 10.xx.xx.108 which also listens on port 8080. Is that log being produced by that other peer?

Is there anything, any non-# lines at all, in your config besides what your first post contained? Even if you don't think it's relevant.

Amos
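
Added example, not part of the original thread: a check over Squid's native access.log for the symptom discussed above, where a host that a src ACL should admit without credentials still receives TCP_DENIED/407. The addresses, hostnames and the EXEMPT_SRC list are constructed placeholders (the thread's real values are redacted).

```python
import ipaddress

# Hosts expected to be allowed by a src ACL without authentication.
# Constructed documentation address; the thread's real address is redacted.
EXEMPT_SRC = [ipaddress.ip_network("192.0.2.103/32")]

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1475518342.279      0 192.0.2.103 TCP_DENIED/407 3589 CONNECT vseries-test.example.com:443 - NONE/- text/html
1475518350.101    212 192.0.2.50 TCP_MISS/200 5120 CONNECT vseries-test.example.com:443 alice FIRSTUP_PARENT/192.0.2.108 -
1475518355.004      0 192.0.2.77 TCP_DENIED/407 3589 GET http://www.example.org/ - NONE/- text/html
not a squid log line
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it does not parse."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    code, _, status = f[3].partition("/")
    try:
        client = ipaddress.ip_address(f[2])
        return {"time": float(f[0]), "client": client, "code": code,
                "status": int(status), "method": f[5], "url": f[6], "user": f[7]}
    except ValueError:
        return None

def exempt_hosts_challenged(log_text, exempt=EXEMPT_SRC):
    """List 407 denials whose client address is inside an exempt src range."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != 407:
            continue
        if any(rec["client"] in net for net in exempt):
            hits.append((str(rec["client"]), rec["method"], rec["url"]))
    return hits

if __name__ == "__main__":
    for client, method, url in exempt_hosts_challenged(SAMPLE_LOG):
        print(f"{client} got 407 on {method} {url}: src ACL did not take effect")
```

A hit means the logging Squid never matched the src rule for that client, which points at the same causes listed above: a different address, a different Squid process, or a different config file.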