Hi!
Please! I need help.
I have a content analyser and i am using squid-2.4-stable14 to
authenticate users to access remote desktop (terminal service).
The Squid Proxy provides information about users to the content
analyser this way:
"http://www.site.com default:://user" (That's the wrong way. It should
be like below:)
"http://www.site.com user" (that's the right way)
How can I disable this string: "default://" in my Squid?
I am using Squid only to provide credentials for the content analyser.
It's searching for users in Novell's edirectory.
Below you see my squid.conf and authentication test.
## -> Start squid.conf
auth_param basic program /usr/lib/squid/squid_ldap_auth -v 3 -b
"o=EMPRESA" -s sub -d -D "cn=Rede,o=EMPRESA" -w MyPass -f
"(&(cn=%s)(objectClass=person))" -h 172.16.3.14 -p 389
auth_param basic children 30
auth_param basic realm Squid-Ldap EmpresaProxy
auth_param basic credentialsttl 2 hours
acl authusers proxy_auth REQUIRED
external_acl_type CHECA_GRUPO children=15 %LOGIN
/usr/lib/squid/squid_ldap_group -v 3 -b "o=EMPRESA" -s sub -d -D
"cn=Rede,o=EMPRESA" -w MyPass -f "objectClass=person" -h 172.16.3.14
-p 389 -f cn=%s
acl navegacao external CHECA_GRUPO Internet
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 90 # http-copel
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
#http_access allow all
http_access deny !authusers
http_reply_access allow all
icp_access allow all
always_direct allow all
coredump_dir /var/spool/squid
visible_hostname squid.dom.com.br
redirect_children 30
redirector_bypass off
redirect_program /opt/Websense/bin/WsRedtor # redirect users to
content analyser (websense)
## -> End squid.conf
##-> Start, testing auth squid with edirectory
[root_at_squid ~]# sh squid-ldap-test
usuario senha
user filter '(&(cn=usuario)(objectClass=person))', searchbase 'o=EMPRESA'
attempting to authenticate user
'cn=usuario,ou=INFORMATICA,ou=Sup-Administrativa,o=EMPRESA'
OK
##-> End, testing auth squid with edirectory
Thanks for the attention,
Received on Thu Nov 20 2008 - 10:44:32 MST
This archive was generated by hypermail 2.2.0 : Thu Nov 20 2008 - 12:00:03 MST