On 12.11.24 15:22, Piana, Josh wrote:
I seem to be able to generate tickets by checking klist, and using kinit to authenticate my username with AD. But it looks like the proxy is ignoring it. This could explain why all my proxy_auth ACL's stopped working too.
Here's my authentication settings:
auth_param negotiate children 10
auth_param negotiate keep_alive on
auth_param basic credentialsttl 2 hours
auth_param basic realm <redacted> Proxy Server
acl kerb-auth proxy_auth REQUIRED
The bottom of my ACL Rules looks like this:
http_access deny !kerb-auth
http_access allow kerb-auth
http_access deny all
The bottom? Are there any ACL rules that allow clients' access before this?
Because ACL rules are processed in the order they are specified.
-----Original Message-----
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Matus UHLAR - fantomas
Sent: Tuesday, November 12, 2024 10:19 AM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Access Log Question
Caution: This email originated from outside of Hexcel. Do not click links or open attachments unless you recognize the sender and know the content is safe.
On 12.11.24 15:16, Piana, Josh wrote:
Seems like it.
Example:
12/Nov/2024:09:51:37 -0500.396 10.46.49.135 TCP_TUNNEL/200 23735
CONNECT
http://www.sa/
fgard.com%3A443%2F&data=05%7C02%7Cjosh.piana%40hexcel.com%7C1dd5a668cff
64041506f08dd032d47f6%7C4248050df19546d5ac9c0c7c52b04cae%7C0%7C0%7C6386
70215221064884%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIw
LjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%
7C&sdata=gmzUs90%2Bccg4xxW8WHB2R4Tyb66r1tfKPdsQL2mHmUE%3D&reserved=0 -
\ HIER_DIRECT/206.188.0.52 - -/-
yes, this looks like the username is not known to squid, thus probably bypassed authentication.
what type of proxy authentication you use?
-----Original Message-----
From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf
Of Matus UHLAR - fantomas
Sent: Tuesday, November 12, 2024 10:10 AM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Access Log Question
Caution: This email originated from outside of Hexcel. Do not click links or open attachments unless you recognize the sender and know the content is safe.
On 12.11.24 14:56, Piana, Josh wrote:
At some point, the access log has stopped recording which users are
trying to access which sites.
I'm currently thinking is could be an issue with log format, Squid
not being able to receive the header information, or authentication
is being bypassed completely due to our config, for some reason.
what is it logging? doest is log "-" instead of usernames?
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"To Boot or not to Boot, that's the question." [WD1270 Caviar]
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
