Re: [squid-users] it's not disconnect users after Max-Daily-Session ends from Amos Jeffries on 2012-06-13 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 14 Jun 2012 11:02:10 +1200

On 13.06.2012 23:23, ali Eblice wrote:
>> The only possible connection this might have with Squid is if a
>> RADIUS
>> helper (auth_param or external_acl_type) was in use. In which case
>> the
>> squid.conf settings for the helper result cache may be affecting
>> when
>> timeouts occur. Other than that Squid has no control or interaction
>> with
>> RADIUS timeouts.
> Thanks fore reply
> sorry i forgot to put my squid's config .
> I used radius helper .
> here are the configs :
>
>
> content of "/etc/squid3/squid.conf "
>
> -------------------------------------------------------------------------------------------------
> http_port 3333 name=special-port
> acl special-port-users myportname special-port
> auth_param basic program /usr/lib/squid3/squid_radius_auth -f
> /etc/squid3/squid-radius.txt
> ##auth_param basic program /usr/lib/squid3/ncsa_auth
> /etc/squid3/password-squid
> auth_param basic utf8 on
> auth_param basic children 10 start=1 idle=1
> auth_param basic realm Enter User & Enter Pass
> auth_param basic credentialsttl 45 minutes

Here is one part of the problem. It is up to 45 minutes between times
Squid checks with RADIUS helper about user credentials being valid.

The RADIUS config only affects whether the credentials are expired or
not *when checked*. So you get up to 45 minute delay between user
session expiry and Squid rejecting their requests.

> auth_param basic casesensitive off
> ##authenticate_ip_ttl 20 second
> acl special-users proxy_auth REQUIRED
> acl max_ip max_user_ip -s 2
> ##acl max-connections maxconn 50
> ##http_access deny max-connections
> http_access deny max_ip
> http_access allow special-port-users special-users
> http_access deny all
>
> -------------------------------------------------------------------------------------
>
> conteny of /etc/squid3/squid-radius.txt
>
> ------------------------------------------------------------------------------------
> server 127.0.0.1
> secret testing123
>
> ------------------------------------------------------------------------------------
Received on Wed Jun 13 2012 - 23:02:14 MDT

This archive was generated by hypermail 2.2.0 : Thu Jun 14 2012 - 12:00:06 MDT