[squid-users] Forwarding request to upstream auth and proxy server

From: Andrew Loughnan <andrewl@dont-contact.us>
Date: Wed, 21 Aug 2002 21:49:59 +1000

I have a problem that I hope can be solved. I want to be able to authenticate locally via smb_auth against our W2k domain controllers and then forward the request to our upstream proxy server, where the users need to be authenticated again. I have tried all manner of different configs, as I think it has something to do with the "always_direct" and "never_direct" rules, but just playing with these gets me confused.

I am running SQUID-2.4.STABLE-6.7.3 on a Red Hat 7.3 server.

We are connected to our upstream proxy via a VPN on address 10.13.144.0/23, where the internet users get authenticated. Our internal network is on a 10.0.4.0/23.
Here is a snippet of our proxy config file. I hope someone can be of assistance.

http_port 8080
cache_peer proxy parent 3128 0 default no-query
authenticate_program /usr/lib/squid/smb_auth -W STUDENT -U 10.0.4.2
authenticate_children 12
acl students proxy_auth REQUIRED
proxy_auth_realm Student Internet Authentification

#Defaults:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl cache dst 10.130.144.0/255.255.254.0
acl localsrv src 10.0.4.1-10.0.4.49

#
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http2
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#Default configuration:
http_access allow manager localhost
http_access allow manager localsrv
http_access deny !Safe_ports
http_access deny manager
#
http_access allow localhost
http_access allow localsrv
http_access deny manager
http_access allow students
http_access deny all

#$Included to allow transfer through SINA Realm
always_direct allow students
always_direct deny all
#never_direct allow localnet
#never_direct allow cache
#never_direct allow students
ie_refresh on

Thanks

Andrew Loughnan, MCP
Computer Services Manager
St Joseph's College
135 Aphrasia St
Geelong, Victoria Australia
3220
Ph +61 3 5226-8100
DD +61 3 5226-8165
Fax +61 3 5221-6983
E-mail: andrewl@sjc.vic.edu.au
WWW: http://www.sjc.vic.edu.au
Received on Wed Aug 21 2002 - 05:48:11 MDT
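
Added example, not part of the original post: a small Python model of how Squid evaluates the always_direct and never_direct lists quoted above (first matching line wins, always_direct is consulted before never_direct). The VARIANT rule set and the function names are hypothetical, and ACL matching itself is not modelled: the caller states which ACL names a request matches.

```python
# Added example: first-match model of Squid's always_direct / never_direct
# decision. Which ACLs a request matches is supplied by the caller (assumption).

# The forwarding rules exactly as posted, including the commented-out lines.
POSTED = """\
always_direct allow students
always_direct deny all
#never_direct allow localnet
#never_direct allow cache
#never_direct allow students
"""

# Hypothetical variant for comparison only: nothing is forced direct and
# authenticated users are forced through a peer.
VARIANT = """\
always_direct deny all
never_direct allow students
"""

def parse(conf):
    """Collect (is_allow, [acl names]) per directive, ignoring comments."""
    rules = {"always_direct": [], "never_direct": []}
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 3 and words[0] in rules and words[1] in ("allow", "deny"):
            rules[words[0]].append((words[1] == "allow", words[2:]))
    return rules

def allowed(rule_list, matched):
    """First line whose ACLs all match decides; '!name' negates an ACL."""
    for is_allow, acls in rule_list:
        if all((a[1:] not in matched) if a.startswith("!") else (a in matched)
               for a in acls):
            return is_allow
    # No line matched: Squid's documented default is the opposite of the last
    # line. An empty list is treated here as "not allowed" (assumption).
    return (not rule_list[-1][0]) if rule_list else False

def route(conf, matched_acls):
    """Return 'direct', 'peer', or 'squid-decides' for one request."""
    rules = parse(conf)
    matched = set(matched_acls) | {"all"}   # 'all' matches every request
    if allowed(rules["always_direct"], matched):
        return "direct"        # sent straight to the origin, cache_peer skipped
    if allowed(rules["never_direct"], matched):
        return "peer"          # must be forwarded through a cache_peer
    return "squid-decides"     # normal peer selection applies
```

With the posted rules, any request that matches the students ACL is routed "direct", so it never reaches the parent defined by cache_peer.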
