Hello!
I run a squid/2.5.STABLE10 in a 1000 user enviroment on a SUSE SLES9 server
with Samba 3.0.9 configured for MS AD.
Everything works just fine with the group authenication against MS AD. But
my problem is that when users without Internet Access Try to access the
internet the login dialog appears, and its like a closed door to a cat -
they are trying other peoples accounts, and lock them out.
So my question is.. Are there any way to disable the login dialog for users
with no internet access??
Here is my squid.conf:
http_port 10.52.5.201:8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
log_fqdn on
client_netmask 255.255.255.255
dns_nameservers 10.52.17.201 10.52.17.202
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
--require-membership-of=S-1-5-21-1187005629-1892371507-1230779191-4288
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
--require-membership-of=S-1-5-21-1187005629-1892371507-1230779191-4288
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#*********************************************************************
acl InternetAccess proxy_auth REQUIRED
#*********************************************************************
acl special_url url_regex -i "/usr/local/squid/etc/open_sites.txt"
#*********************************************************************
http_access allow special_url
http_access allow InternetAccess
#*********************************************************************
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object HTTP
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 2001
acl Safe_ports port 3001
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
Received on Thu Jul 07 2005 - 07:30:08 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT