i have a working squid ncsa authentication. i have this in my squid.conf
Code:
acl password proxy_auth REQUIRED
acl employees src 192.168.0.2
acl admin src 192.168.1.2
[code]....
this setup makes squid authenticate both the employees and admin network. how can i make squid just authenticate only the employees network? admin network should connect to squid without authentication.
I have a network and am using squid proxy with authentication I want to create another subnet without authentication.
View 1 Replies View RelatedIf users are a memebr of a certain AD group, they are granted access to the web. I have this working but there is a glitch. I have to restart squid everytime I add or remove a user from the active directory group for the change to kick in. I could set up cron to restart squid every x amount of minutes but that is no good. see settings
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
[code]...
Any work arounds for this. I need to able to add an AD user to an AD group so they can have instant access to the web without me having to restart squid
I have a squid server set up with two ports:
http_port 3128 transparent
http_port 3129
Port 3128 is set up for transparent proxying (ie, if you send a request to the internet, iptables forwards it to 3128) Port 3129 is just a regular port. If you connect to 3129 directly, you get prompted for a password:
Code:
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid/squid.passwd
auth_param basic children 2
auth_param basic realm Squid proxy-caching server
acl password proxy_auth admin
http_access allow password
And this is actually working also. If someone signs then they are able to access unrestricted browsing (with squidguard). However, if they don't, they are transparent-proxied and have restricted browsing. The problem is I keep getting /var/squid/cache.log hits:
Code:
2010/03/03 17:11:04| ACHChecklist::authenticated: authentication not applicable on transparently intercepted requests. Basically evertime there's a transparent request, it throws a warning.
I'm using squid 2.6, Win2008 AD server. Clients are using winxp, win7. how to config squid for the authentication with win2008 AD?
View 2 Replies View RelatedI have a squid server currently running with basic authentication. This is a must because we constantly have different people using different machines but the rules must be set per user, not per machine.
We also have a lot of users coming and going. So every time a new user comes to the office I have to manually create a user for him so he can authenticate.
Anyway.. We do not have any windows servers so no Active Directory. But I need some solution to pass the windows login to Squid.
First question: It seems I am using NTLM currently for samba as the person can map their home directories on their windows box withuot authenticating. Why can I not use it for squid?
Second question: Can I make my Centos server into an AD server?
Im having problem in configuring squid server and applying ncsa authentication
Here is my configuration in squid.cong file
I'm fairly new to Linux and very new to Squid and am having authentication issues! I am using Oracle Enterprise Linux (which is basically Red Hat without the branding) and wanting to use Squid Proxy Server for web access with authentication to Active Directory. I've found a number of articles about this online and all of them say to use auth program squid_ldap_conf which should be in /usr/lib/squid/. I don't have a squid directory in /usr/lib for starters and my squid binaries are in /etc/squid but there is no squid_ldap_conf in there either. I have installed the latest version of Squid (3.0) to see if that helped but I still cannot find the authorisation program.
View 3 Replies View RelatedI would like to be able to get squid or dansguardian to authenticate a user account against active directory so that a users browsing activities can be logged.
I can find lots a very useful info on how to set up ntlm_auth etc, but all of these methods produce a pop up window when the user launches the browser.
I'm posting this thread because I would like to be able to authenicate, but without a pop up window. Is there a way of automatically carrying out this authentication so that the user is unaware of it.
We've previously attempted authenticating against an NT4 PDC, but the users worked out that they could use any user account on the network, not just the user that was logged in which kinda defeated the whole idea of logging the users activity.
My current setup is:
Windows 2003 AD
Windows XP Clients, soon to be converted to windows 7.
Fedora 11 running squid and dansguardian.
The first is regarding my home network that I've setup. It mainly consists of two laptops, both running fedora. I find myself using rsync, ssh, scp, and the like quite often, but it is very annoying constantly needing to provide a password. This sounds like a job for RSA keys, but is it safe to do so on my laptop I take whenever I travel? If my laptop were to be stolen, my personal and private keys would be available to the thief. Is it instead better to use something like kerberos (which I'm not very familiar with, ie. I've used it at work but never took the time to learn how it works).
This isn't much of an issue with my home network since it is protected behind my router. However, I have the same issue with rsync, and ssh to my work PC. These are the RSA keys I'm worried about if my laptop were to be stolen.
I have squid proxy authenticating Internet users with LDAP. It's working well. But I have problem when I authenticate to squid proxy to login to Yahoo Messenger. Each time, I login to YM application, the squid proxy popups many authentication windows. These confuse users when they you YM. I checked in squid access log and see that: when users use YM application, the application requests the following links:
[code]...
With each link, squid requires one authentication window. Do you have any ways to squid require only one authentication window when users use YM?
I am trying to install squid with active directory authentication following the steps from http://wiki.squid-cache.org/ConfigEx...ctiveDirectory
I am getting a couple of errors how to rectify them the linux os i am using is centos 5.4 and windows 2008 ADS.
I was successfully able to join to the domain
I would like to configure Squid and DansGuardian that way, that it's a Proxy with Authentication via Website. That means: A new Notebook gets about DHCP the Network-Information like IP-Adress etc.. When he now tries to open a Internet connection it should check if he's authenticated and if not he should get (if this try is from a browser) a login screen in http. It should also not be possible to have internetconnection without being logged in. The clients are Windoze, Mac and Linux. My question now. What programms/deamons are there for doing this authentication. Would you decide for another Programm instead of Squid?
View 2 Replies View Relatedhow can I change the text in the Squid Proxy Authentication Dialog Box...? I would like to change the text "The proxy localhost:3128 is requesting a username and password. The site says: "Squid Proxy Caching Server". Is there a file or a configuration to change the text?
View 4 Replies View RelatedI've got this current configuration : 1 squid server authenticating with 1 forest abc.com, then another company wants to joint but in different forest efg.com, I've already configured trust relationshipt between them.
How should I configured at squid.conf so it will authenticate both domain ?
At squid.conf I've already configured like the following below for abc.com :
Is it enough to adding a new line for auth_param basic program for efg.com ?
My squid server works fine in fedora 11 system . Is there any web like interface for admins to create,change,modify users of squid and to view their logs.
View 1 Replies View RelatedI would like to ask some help and tutorial for setting up and how to configure squid proxy server in my (Home PC Server). I am a newbie in Linux Centos. I already installed in my system the CentOS 5.5 . Now, I want to configure it as my internet server, all of my 4 system running in Windows including the laptop I want to connect through my CentOS pc with username authentication. I assign all IP address by static. see tthe attachement in my set up. [url] I just want to know what I need to change and add in my squid config file. And how can I configure properly my CentOS with 2 LAN card as internet server.
View 1 Replies View RelatedI have a problem with ldap client authentication in ubuntu. I am using rhel5 as openldap server and I configured ubuntu as client, when I am trying to login the following message is coming."su: Authentication service cannot retrieve authentication info. Sorry"
But when I do search through "ldapsearch" command output is coming without any errors, Can anybody explain what would be problem.
I am trying to configure my android phone (rooted Eris running kaossfroyo 2.2) to be used as a midi controller. Which I am having enough trouble with as it is but it has raised an annoying issue that occurred a month ago when I used the phones tethering network with my laptop. After connecting the laptop to the phones network (either tether, or an Ad-hoc network created using the network manager) I am unable to switch to other networks. In other words when I'm done with the phone-laptop connection I cannot connect my laptop to my home network! When I click on the other network connection I can see that it is attempting to connect in the upper right corner of the desktop (the network icon) but it will not make the connection.
What happens is that the network indicator will make the little circle graphic as if it is trying to connect but it never will display the other circle as green indicating that it has connected. but when I disconnect from the home network that is not connecting I will get a message underneath that will say that ad-hoc network disconnected! If I am switching from the android tether it will say Android-Tether disconnected etc. Even though when I click on network manager it shows that I am attempting to connect to the home network (labeled LIBERTY in my case) upon disconnection it shows the ad-hoc or tether connection being disconnected.
I am absolutely baffled by this! The issue persists even after deleting the ad-hoc connection from the wireless settings tab!!! I would speculate that for some reason the laptop is attempting to connect to the previous ad-hoc connection despite me wanting it to connect to LIBERTY. I am very confused and hope someone can lead me in the right direction.
Here is my query:
Squid document says that Squid accepts only HTTP requests but speaks FTP on the server side when FTP object are requested.
We call Squid HTTP and FTP caching proxy server. Does it also caches FTP contents? Is it possible to configure FTP clients to use Squid cache? When we make an FTP request to an FTP site via Squid will it be bypassed?
I want to make a transparent squid proxy server in centos. The squid proxy version is 2.6 stable. I made a normal squid server but want to make it transparent so that users do not need to enter the proxy settings in web browser. Even i searched about this on google but not getting it properly.I have two lan cards on centos system. ETH1 used for LAN and ETH2 used for WAN. And in this squid.conf i written "http_port 172.16.31.1:3128 transparent" and i also added a rule in iptables which is "iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128" but still i have to enter proxy settings at client's web browser to use internet
View 4 Replies View RelatedI would like to install and configure Transparent squid proxy on a gateway server ,but i dont have a local OR intranet DNS server.I am facing issues do that ,regard .My IP series is 192.168.1.1/24
View 5 Replies View RelatedI know this seems obvious but i'm stuck. I'm trying to install squid via the command "yum install squid" and here is the output:Quote:
Setting up Install Process
Setting up repositories
update 100% |=========================| 951 B 00:00
[code]....
I am not able to connect samba server from other linux pc giving error: NT Authentication Failure
But am able to access through anonymous login from linux Same is working fine will all smb users through windows. I am using rhel 5.
When I am trying to run the Xserver using the command startx I am getting the below mentioned error
xauth: creating new authority file /oracle/oracle10g/.serverauth.22555
Fatal server error:PAM authentication failed, cannot start X server. Perhaps you do not have console ownership?
[code]....
What is the fastest setup to do this? All I want is an internally authenticated webmail server that other servers can send mail to for collection of test emails. Don't need LDAP or anything fancy, just a internal LAN only webmail server. I've got Squirrelmail setup on Ubuntu Server and can't get authentication setup with Squirrelmail and every tutorial I read is way over complicated or has nothing on how to authenticate Squirrelmail with internal, system users.
View 4 Replies View RelatedI want to Configure Linux LDAP Server for user authentication when my users want to connect to the internet.Also i don't want the user to get the home directory on server. i configured ldap server and ldap client without PAM & SASL.and now with perl i can search in ldap for my client's username & password in ldap.
View 1 Replies View Related(Fairly new Ubuntu user)I have a Desktop with 2 network cards and a file share.I currently have eth0 configured and working on a network hosing about 30 people.Now I have another 50-60 people connected on a separate network that want to be tied into the same file share. I have configured both eth0 and eth1 for the networks that they are connected on. currently only eth0 works.When I configured eth1 for some reason It shows that it was last used "never".Is there a way to keep these networks separate and share these files from this server?
eth0 Link encap:Ethernet HWaddr 00:1c:c0:fb:b4:20
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::21c:c0ff:fefb:b420/64 Scope:Link
[code]....
A server is acting as a router between two networks. If the load increases what happens, to the speed of network? whether the network speed will be reduced or it will sustain the same speed (Ex: 100MBps).
View 7 Replies View RelatedI have done configuration of webserver and i want it to pick some information from application server,but i don want people to see that application server,please can someone tell me in detail on how to setup squid reverse proxy server so that each time people want to access my servers they can just see one server,i mean one server must act as a loadbalancer to other servers,let say a sum of up to three servers.I am using redhat 5 servers with apache 2,and squid version that i have is 2.6.
View 5 Replies View Related