Re: [squid-users] More ACL issues.

From: Chris Robertson <crobertson@dont-contact.us>
Date: Fri, 21 Sep 2007 11:37:09 -0800

Tom Vivian wrote:
> Hi,
>
> SquidNT 2.5
> ntlm auth
> Windows Server 2003
>
> Everything is nearly working. The authentication against AD is fine, I can
> see the domain name\username in the logs etc. However when I add the acl for
> my tomtom software it allows the tomtom software to connect to their site,
> but I stop seeing the domain name\username in the access logs.
>
> acl tomtom src 192.168.2.100
> http_access allow tomtom
>

Instead of the above, use...

acl tomtom dstdomain .tomtom.com
acl tomsIP src 192.168.2.100
http_access allow tomsIP tomtom

...so 192.168.2.100 is required to authenticate to other sites.

> acl localnet proxy_auth REQUIRED src 192.168.2.0/24
>

Does this even parse? :o)

> http_access allow localnet
>

Here's what I would use...

acl localnet src 192.168.2.0/24
acl proxyauth proxy_auth REQUIRED
http_access allow localnet proxyauth

...assuming you don't want people outside of localnet to use the proxy,
even with proper authentication.

> There must be a way so that I can login to the tomtom site and still
> authenticate in AD?
>
> Thanks,
>
> Tom.
>

Chris
Received on Fri Sep 21 2007 - 13:37:18 MDT
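
The rule ordering discussed in this message, as an added example that is not part of the original mail: a simplified Python model of Squid's http_access evaluation (lines are tried top-down and the first match wins, ACLs on one line are ANDed, and credentials are requested only when a proxy_auth ACL is reached). The trailing "deny all" rule, the use of the corrected localnet/proxyauth rule in both configurations, and the user name EXAMPLE\tom are assumptions made for the example.

```python
from ipaddress import ip_address, ip_network

def parse(conf):
    """Parse 'acl' and 'http_access' lines into (acls, rules)."""
    acls, rules = {}, []
    for tok in map(str.split, conf.splitlines()):
        if tok[:1] == ["acl"]:
            acls[tok[1]] = (tok[2], tok[3])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def evaluate(conf, src, host, user):
    """Return (verdict, name written to the log); user=None cannot answer a challenge."""
    acls, rules = parse(conf)
    for action, names in rules:            # top-down, first matching line wins
        authed = False
        for name in names:                 # ACLs on one line are ANDed, left to right
            kind, val = acls[name]
            if kind == "src":
                ok = ip_address(src) in ip_network(val)
            elif kind == "dstdomain":      # a leading dot also matches subdomains
                ok = host == val.lstrip(".") or (val.startswith(".") and host.endswith(val))
            elif kind == "proxy_auth":     # credentials are only requested here
                if user is None:
                    return ("407", "-")
                ok = authed = True
            else:
                raise ValueError(kind)
            if not ok:
                break
        else:                              # every ACL on the line matched
            return (action, user if authed else "-")
    return ("deny", "-")                   # assumed default for the model

# Constructed configurations; "acl all" and "deny all" are assumptions, not from the mail.
TAIL = """acl localnet src 192.168.2.0/24
acl proxyauth proxy_auth REQUIRED
acl all src 0.0.0.0/0
http_access allow localnet proxyauth
http_access deny all"""
ORIGINAL = "acl tomtom src 192.168.2.100\nhttp_access allow tomtom\n" + TAIL
SUGGESTED = """acl tomtom dstdomain .tomtom.com
acl tomsIP src 192.168.2.100
http_access allow tomsIP tomtom
""" + TAIL

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, evaluate(conf, "192.168.2.100", "www.example.org", "EXAMPLE\\tom"))
```

With the original rule, any request from 192.168.2.100 is allowed before a proxy_auth ACL is reached, so the log shows no user name; with the suggested rules only requests to .tomtom.com skip authentication.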
