RE: [squid-users] security issue regarding authentication

From: Van Bossche Koen <Koen.VanBossche@dont-contact.us>
Date: Thu, 20 Dec 2001 17:46:47 +0100

Thanks Henrik!
I checked with our PDC support guy. Indeed all authenticated users had r+x
access on proxyauth and could log on to the Internet, even if not listed in
the Internet Users group.
We changed the rights so that only Internet Users had read access to it.

Thank you very much!

I wish you a Merry Xmas and a Happy New Year 2002. Thanks for
the excellent support.

BR,
./koen

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@marasystems.com]
> Sent: 20 December 2001 16:20
> To: Van Bossche Koen; 'squid-users@squid-cache.org'
> Subject: Re: [squid-users] security issue regarding authentication
>
>
> What are the permissions on the proxyauth file?
>
> If you log on as the user on a Windows station, can you access the file?
> If you can, then the permissions for accessing the file are not properly
> set up.
>
> Regards
> Henrik Nordström
> MARA Systems AB, Sweden
>
>
> On Thursday 20 December 2001 11.24, Van Bossche Koen wrote:
> > Hi all,
> >
> > Any ideas to be able to resolve this are very welcome! I have it on all of
> > my proxies. I have a real security issue with squid configured with
> > smb_auth. A user not granted access and therefore not listed in any NT group
> > is able to have access to the internet. I checked and there are no
> > permissions for guest logons on NT.
> >
> > [root@TNLLXS01 /root]# /opt/squid/libexec/squid/smb_auth -W KONE.COM -d
> > tnltest5 0ngewoon
> > Domain name: OURDOMAIN
> > Pass-through authentication: no
> > Query address options:
> > Domain controller IP address: 138.249.140.39
> > Domain controller NETBIOS name: XXXNTS1
> > Contents of //XXXNTS1/NETLOGON/proxyauth: allow
> > OK
> >
> > Does anyone know how this is possible or what actually is wrong?
> >
> > BR,
> > ./koen
>
> --
> MARA Systems AB, Giving you basic free Squid support
> Customized solutions, packaged solutions and priority support
> available on request
>
Received on Thu Dec 20 2001 - 09:47:11 MST
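
An added example, not part of the original thread: a shell check that the ACL fix described above holds, by fetching proxyauth from NETLOGON as a given account and comparing the result with what is expected for that account. It assumes a user is accepted when the file is readable and contains `allow`, as in the debug output quoted above; the function names, the `AUDIT_PASSWD` variable and the server, domain and account arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): verify who can read proxyauth.
# SMBCLIENT is overridable so the check can be exercised with a stub.
SMBCLIENT=${SMBCLIENT:-smbclient}

# Print proxyauth as seen by the given account; empty output if unreadable.
fetch_proxyauth() {   # SERVER DOMAIN USER PASSWORD
    (
        # smbclient reads credentials from USER/PASSWD, which keeps the
        # password off the command line (and out of `ps`).
        USER=$3 PASSWD=$4
        export USER PASSWD
        "$SMBCLIENT" "//$1/NETLOGON" -E -d 0 -W "$2" \
            -c "get proxyauth -" 2>/dev/null
    )
}

# Succeeds when the account can read the file and it says "allow".
would_be_allowed() {  # SERVER DOMAIN USER PASSWORD
    [ "$(fetch_proxyauth "$@")" = "allow" ]
}

# Compare the observed result with the expectation ("allow" or "deny").
audit_account() {     # SERVER DOMAIN USER PASSWORD EXPECTED
    if would_be_allowed "$1" "$2" "$3" "$4"; then got=allow; else got=deny; fi
    if [ "$got" = "$5" ]; then
        echo "PASS $3: $got"
    else
        echo "FAIL $3: expected $5, got $got (check the ACL on proxyauth)"
        return 1
    fi
}

# Usage: AUDIT_PASSWD=... sh audit.sh SERVER DOMAIN USER allow|deny
if [ "$#" -eq 4 ]; then
    audit_account "$1" "$2" "$3" "${AUDIT_PASSWD:?set AUDIT_PASSWD}" "$4"
fi
```

Run it once with a test account inside the permitted group (expect `allow`) and once with an authenticated account outside it (expect `deny`); a FAIL on the second is the condition reported in this thread.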