Re: [squid-users] [Scanned]

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 24 Apr 2009 13:47:57 +1200

Len Taylor wrote:
> Hi, I am trying to set up Squid on an XP computer in a Windows Server 2003
> domain, but I am having problems with authentication: it just asks for your
> username and password 3 times and then says Cache Access Denied.
>
> This is the first time I have used Squid, so I don't know if I have set it up
> right.
>
> auth_param basic program /squid/libexec/squid_ldap_auth.exe -v 3 -b
> ou="My main OU",dc=domain,dc=internal,dc=net -D cn=administrator,ou=" My
> main OU ",dc=doman,dc=internal,dc=net -w "password" -f sAMAccountName=%s
> -h 10.34.44.3
>
> is the line I used
>
> domain.internal.net is the domain name
>
> the reason I need the authentication is so I can log who is doing what
>
> any help would be very welcome
>
> Thank you for your time
>
>
> Len Taylor
>
> # Squid port is 3128; change it if you like
> http_port 3128
>
>
>
> #LDAP
> auth_param basic program /squid/libexec/squid_ldap_auth.exe -v 3 -b
> ou="interjigsaw",dc=davenantsch,dc=internal,dc=net -D
> cn=administrator,ou="interjigsaw",dc=davenantsch,dc=internal,dc=net -w
> "paperclip" -f sAMAccountName=%s -h 10.35.123.3
>
> auth_param basic children 5
> auth_param basic realm Web-Proxy
> auth_param basic credentialsttl 1 minute
>
> # Recommended minimum configuration:
> #acl all src 0.0.0.0/0.0.0.0
> #acl localnet src 10.35.123.0/22
> #acl localhost src 127.0.0.1/255.255.255.255
>
> acl all src 0.0.0.0/0.0.0.0
>
> acl localnet proxy_auth REQUIRED src 10.35.123.0/22

Mixing these ACL types is not good:
  'proxy_auth' is a "list of valid usernames. use REQUIRED to accept any
valid username."

   'src' is a list of IP addresses.

"localnet" is special terminology in networking. Often used in
documentation and configurations to represent the local network IP range(s).

It's better to do this:

   acl authUsers proxy_auth REQUIRED
   acl localnet src 10.35.123.0/22
   ....
   http_access allow localnet authUsers

I suspect maybe the auth is trying to test that the username is one of:
  "src" or "10.35.123.0/22"

> acl localhost src 10.0.0.1/255.255.255.255

"localhost" is also special terminology in networking: it means the
loopback address, 127.0.0.1/32 or ::1/128.

You should have it as:
    acl localhost src 127.0.0.1/32

>
> http_access allow localnet
> http_access allow localhost
> http_access deny all
>

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
   Current Beta Squid 3.1.0.7
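A small squid.conf ACL lint, added here as an example (not code from this thread or from the Squid project), that flags the two mistakes discussed above: address values appearing after `proxy_auth`, and a `localhost` ACL that is not the loopback address. The sample config is constructed from the lines quoted in the post.

```python
import ipaddress

# Constructed sample: the poster's ACL lines as quoted in the thread.
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl localnet proxy_auth REQUIRED src 10.35.123.0/22
acl localhost src 10.0.0.1/255.255.255.255
http_access allow localnet
http_access allow localhost
http_access deny all
"""

LOOPBACK = {ipaddress.ip_network("127.0.0.1/32"), ipaddress.ip_network("::1/128")}


def looks_like_address(token):
    """True if the token parses as an IP address or network (CIDR or netmask form)."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False


def lint_acls(conf_text):
    """Return (line_no, message) for every ACL line that mixes types or misuses 'localhost'."""
    findings = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 3 or parts[0] != "acl":
            continue
        name, acltype, values = parts[1], parts[2], parts[3:]
        if acltype == "proxy_auth":
            # Squid reads every value after proxy_auth as a username, so 'src' or an
            # IP range here never matches any authenticated user.
            bad = [v for v in values if v == "src" or looks_like_address(v)]
            if bad:
                findings.append((n, f"acl {name}: proxy_auth values {bad} are not usernames; put the IP range in a separate 'src' acl"))
        elif acltype == "src":
            for v in values:
                if not looks_like_address(v):
                    findings.append((n, f"acl {name}: src value {v!r} is not an IP address or network"))
            if name == "localhost":
                nets = {ipaddress.ip_network(v, strict=False) for v in values if looks_like_address(v)}
                if not nets <= LOOPBACK:
                    findings.append((n, f"acl localhost: expected the loopback address 127.0.0.1/32 or ::1/128, got {values}"))
    return findings
```

Running `lint_acls(SAMPLE_CONF)` reports line 2 (the mixed `proxy_auth`/`src` ACL) and line 3 (the non-loopback `localhost`), while the corrected three-line form from the reply produces no findings.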
Received on Fri Apr 24 2009 - 01:47:53 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 24 2009 - 12:00:03 MDT