Server :: Squid Group Authentication Via AD?
Mar 30, 2010
If users are a memebr of a certain AD group, they are granted access to the web. I have this working but there is a glitch. I have to restart squid everytime I add or remove a user from the active directory group for the change to kick in. I could set up cron to restart squid every x amount of minutes but that is no good. see settings
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
[code]...
Any work arounds for this. I need to able to add an AD user to an AD group so they can have instant access to the web without me having to restart squid
View 1 Replies
ADVERTISEMENT
May 27, 2011
I have a network and am using squid proxy with authentication I want to create another subnet without authentication.
View 1 Replies
View Related
Jan 15, 2010
i have a working squid ncsa authentication. i have this in my squid.conf
Code:
acl password proxy_auth REQUIRED
acl employees src 192.168.0.2
acl admin src 192.168.1.2
[code]....
this setup makes squid authenticate both the employees and admin network. how can i make squid just authenticate only the employees network? admin network should connect to squid without authentication.
View 3 Replies
View Related
Mar 3, 2010
I have a squid server set up with two ports:
http_port 3128 transparent
http_port 3129
Port 3128 is set up for transparent proxying (ie, if you send a request to the internet, iptables forwards it to 3128) Port 3129 is just a regular port. If you connect to 3129 directly, you get prompted for a password:
Code:
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid/squid.passwd
auth_param basic children 2
auth_param basic realm Squid proxy-caching server
acl password proxy_auth admin
http_access allow password
And this is actually working also. If someone signs then they are able to access unrestricted browsing (with squidguard). However, if they don't, they are transparent-proxied and have restricted browsing. The problem is I keep getting /var/squid/cache.log hits:
Code:
2010/03/03 17:11:04| ACHChecklist::authenticated: authentication not applicable on transparently intercepted requests. Basically evertime there's a transparent request, it throws a warning.
View 2 Replies
View Related
Dec 30, 2010
I'm using squid 2.6, Win2008 AD server. Clients are using winxp, win7. how to config squid for the authentication with win2008 AD?
View 2 Replies
View Related
Nov 11, 2010
I have a squid server currently running with basic authentication. This is a must because we constantly have different people using different machines but the rules must be set per user, not per machine.
We also have a lot of users coming and going. So every time a new user comes to the office I have to manually create a user for him so he can authenticate.
Anyway.. We do not have any windows servers so no Active Directory. But I need some solution to pass the windows login to Squid.
First question: It seems I am using NTLM currently for samba as the person can map their home directories on their windows box withuot authenticating. Why can I not use it for squid?
Second question: Can I make my Centos server into an AD server?
View 1 Replies
View Related
May 29, 2010
Im having problem in configuring squid server and applying ncsa authentication
Here is my configuration in squid.cong file
View 6 Replies
View Related
Jan 28, 2010
I'm fairly new to Linux and very new to Squid and am having authentication issues! I am using Oracle Enterprise Linux (which is basically Red Hat without the branding) and wanting to use Squid Proxy Server for web access with authentication to Active Directory. I've found a number of articles about this online and all of them say to use auth program squid_ldap_conf which should be in /usr/lib/squid/. I don't have a squid directory in /usr/lib for starters and my squid binaries are in /etc/squid but there is no squid_ldap_conf in there either. I have installed the latest version of Squid (3.0) to see if that helped but I still cannot find the authorisation program.
View 3 Replies
View Related
Oct 5, 2010
I would like to be able to get squid or dansguardian to authenticate a user account against active directory so that a users browsing activities can be logged.
I can find lots a very useful info on how to set up ntlm_auth etc, but all of these methods produce a pop up window when the user launches the browser.
I'm posting this thread because I would like to be able to authenicate, but without a pop up window. Is there a way of automatically carrying out this authentication so that the user is unaware of it.
We've previously attempted authenticating against an NT4 PDC, but the users worked out that they could use any user account on the network, not just the user that was logged in which kinda defeated the whole idea of logging the users activity.
My current setup is:
Windows 2003 AD
Windows XP Clients, soon to be converted to windows 7.
Fedora 11 running squid and dansguardian.
View 2 Replies
View Related
May 25, 2011
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
View 1 Replies
View Related
Oct 25, 2010
I have squid proxy authenticating Internet users with LDAP. It's working well. But I have problem when I authenticate to squid proxy to login to Yahoo Messenger. Each time, I login to YM application, the squid proxy popups many authentication windows. These confuse users when they you YM. I checked in squid access log and see that: when users use YM application, the application requests the following links:
[code]...
With each link, squid requires one authentication window. Do you have any ways to squid require only one authentication window when users use YM?
View 2 Replies
View Related
Jul 12, 2010
I am trying to install squid with active directory authentication following the steps from http://wiki.squid-cache.org/ConfigEx...ctiveDirectory
I am getting a couple of errors how to rectify them the linux os i am using is centos 5.4 and windows 2008 ADS.
I was successfully able to join to the domain
View 1 Replies
View Related
Jan 29, 2010
I would like to configure Squid and DansGuardian that way, that it's a Proxy with Authentication via Website. That means: A new Notebook gets about DHCP the Network-Information like IP-Adress etc.. When he now tries to open a Internet connection it should check if he's authenticated and if not he should get (if this try is from a browser) a login screen in http. It should also not be possible to have internetconnection without being logged in. The clients are Windoze, Mac and Linux. My question now. What programms/deamons are there for doing this authentication. Would you decide for another Programm instead of Squid?
View 2 Replies
View Related
Jan 27, 2011
how can I change the text in the Squid Proxy Authentication Dialog Box...? I would like to change the text "The proxy localhost:3128 is requesting a username and password. The site says: "Squid Proxy Caching Server". Is there a file or a configuration to change the text?
View 4 Replies
View Related
Oct 5, 2010
I've got this current configuration : 1 squid server authenticating with 1 forest abc.com, then another company wants to joint but in different forest efg.com, I've already configured trust relationshipt between them.
How should I configured at squid.conf so it will authenticate both domain ?
At squid.conf I've already configured like the following below for abc.com :
Is it enough to adding a new line for auth_param basic program for efg.com ?
View 1 Replies
View Related
May 23, 2010
My squid server works fine in fedora 11 system . Is there any web like interface for admins to create,change,modify users of squid and to view their logs.
View 1 Replies
View Related
Jan 17, 2011
I would like to ask some help and tutorial for setting up and how to configure squid proxy server in my (Home PC Server). I am a newbie in Linux Centos. I already installed in my system the CentOS 5.5 . Now, I want to configure it as my internet server, all of my 4 system running in Windows including the laptop I want to connect through my CentOS pc with username authentication. I assign all IP address by static. see tthe attachement in my set up. [url] I just want to know what I need to change and add in my squid config file. And how can I configure properly my CentOS with 2 LAN card as internet server.
View 1 Replies
View Related
Mar 12, 2010
I have a problem with ldap client authentication in ubuntu. I am using rhel5 as openldap server and I configured ubuntu as client, when I am trying to login the following message is coming."su: Authentication service cannot retrieve authentication info. Sorry"
But when I do search through "ldapsearch" command output is coming without any errors, Can anybody explain what would be problem.
View 1 Replies
View Related
Jul 19, 2011
How can I create a user group that restricts Internet privileges to only members in the group, then I will assigns certain applications to join the group for access to the Internet.
For example, I want only group net to have access to the Internet. Group net is then connected to:
Code:
So far, I am using the gnome group policy manager that is standard with ubuntu but Its not working. It is possible that im misdirected and that I should use a firewall instead?
View 2 Replies
View Related
May 24, 2010
I have a text file that currently has around 150 000 usernames in it. I need to somehow group them into smaller groups of 1000 and then add that value into the DB. for example user xzy group 1 (hopefully the groups will be digits incrementing)
[Code]....
how to search for 1000 then assign them group 1 and then 1001-1999 to group 2 etc.
View 3 Replies
View Related
Oct 19, 2009
i want secondary users can able to change the files permissions of primary group?user MAC is having www as a primary and httpd as secondary group. But he want to change the file permissions (chmod) httpd group files. Is it possible or not? I think its not possible. If it`s possible then let me know how?
View 3 Replies
View Related
May 25, 2011
I've been tasked with fixing a Red Hat system that dies with a kernel panic during the boot stage:
Code:
EXT3-fserror (dev sda1): ext3_check_descriptors: Inode bitmap for group 4 not in group (block 67239937)!
EXT3-fs: group descriptors corrupted!
mount: error mounting /dev/root on /sysroot as ext3: Invalid argument
I can boot into a Rescue CD, but I'm a bit out of my element because I don't use EXT3 myself, and I've never had to repair a corrupted file system before.
View 3 Replies
View Related
Apr 26, 2011
Here is my query:
Squid document says that Squid accepts only HTTP requests but speaks FTP on the server side when FTP object are requested.
We call Squid HTTP and FTP caching proxy server. Does it also caches FTP contents? Is it possible to configure FTP clients to use Squid cache? When we make an FTP request to an FTP site via Squid will it be bypassed?
View 5 Replies
View Related
Dec 22, 2010
I want to make a transparent squid proxy server in centos. The squid proxy version is 2.6 stable. I made a normal squid server but want to make it transparent so that users do not need to enter the proxy settings in web browser. Even i searched about this on google but not getting it properly.I have two lan cards on centos system. ETH1 used for LAN and ETH2 used for WAN. And in this squid.conf i written "http_port 172.16.31.1:3128 transparent" and i also added a rule in iptables which is "iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128" but still i have to enter proxy settings at client's web browser to use internet
View 4 Replies
View Related
Sep 17, 2010
I would like to install and configure Transparent squid proxy on a gateway server ,but i dont have a local OR intranet DNS server.I am facing issues do that ,regard .My IP series is 192.168.1.1/24
View 5 Replies
View Related
Jan 12, 2010
I know this seems obvious but i'm stuck. I'm trying to install squid via the command "yum install squid" and here is the output:Quote:
Setting up Install Process
Setting up repositories
update 100% |=========================| 951 B 00:00
[code]....
View 1 Replies
View Related
Feb 8, 2011
I have a group (GROUP) with a number of users. I recently added a new user (NEW). NEW is able to read but not write group files, whereas all the other users in the group can read and write to the group files. The permissions for the group files indicate that all members of group should have write permission -rwxrwxr-x
/etc/group indicates that NEW is a member of GROUP
...
GROUP:x:501:GROUP,OLD,OLD2,OLD3,OLD4,....,NEW
[code]....
Don't know if it matters, but both OLD and NEW write to the GROUP files over an internet connection. why NEW can't write to GROUP files? Is there a maximum number of members in a group that I might have exceeded?
View 2 Replies
View Related
Jul 28, 2010
I am not able to connect samba server from other linux pc giving error: NT Authentication Failure
But am able to access through anonymous login from linux Same is working fine will all smb users through windows. I am using rhel 5.
View 3 Replies
View Related
Jun 29, 2011
When I am trying to run the Xserver using the command startx I am getting the below mentioned error
xauth: creating new authority file /oracle/oracle10g/.serverauth.22555
Fatal server error:PAM authentication failed, cannot start X server. Perhaps you do not have console ownership?
[code]....
View 2 Replies
View Related
Nov 7, 2010
What is the fastest setup to do this? All I want is an internally authenticated webmail server that other servers can send mail to for collection of test emails. Don't need LDAP or anything fancy, just a internal LAN only webmail server. I've got Squirrelmail setup on Ubuntu Server and can't get authentication setup with Squirrelmail and every tutorial I read is way over complicated or has nothing on how to authenticate Squirrelmail with internal, system users.
View 4 Replies
View Related
