Re: [squid-users] squid 3.2.11 in opensuse 12.3 and enabling some "vip" for radius auth.

From: Josef Karliak <karliak_at_ajetaci.cz>
Date: Tue, 04 Jun 2013 14:33:03 +0200

   Hi,
   thanks for help, it works :) :

auth_param basic children 5
auth_param basic realm Autorized access
auth_param basic credentialsttl 5 minute
auth_param basic casesensitive on

acl vip src "/etc/squid/vip_bypass_auth.txt"
acl http proto http
acl auth proxy_auth REQUIRED
http_access allow http Safe_ports vip
http_access allow CONNECT SSL_ports vip
http_access allow auth
http_access deny all

   Best regards
   J.Karliak

Cituji Brendan Kearney <bpk678_at_gmail.com>:

> there is an entire wiki article to this exact topic.
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Bypass
>
> every matching http_access line before the required auth is
> unauthenticated. the http_access line requiring auth and all matching
> http_access lines after it are authenticated.
>
> On Tue, 2013-06-04 at 13:06 +0200, Josef Karliak wrote:
>> Hi,
>> I wanna let some IPs bypass radius authorization, like a server IP.
>> Another users and theirs computers must authorized. So I've this in
>> the squid.conf:
>>
>> auth_param basic program /usr/bin/basic_radius_auth -f /etc/radius_config
>> auth_param basic children 5
>> auth_param basic realm Authorized access
>> auth_param basic credentialsttl 5 minute
>> auth_param basic casesensitive on
>>
>> acl auth proxy_auth REQUIRED
>>
>> http_access allow auth
>> http_access deny all
>>
>> I thought that I'll have vip IPs in some file and tell squid that this
>> source IP's will have an access to the internet free without
>> authorization:
>>
>> auth_param basic program /usr/bin/basic_radius_auth -f /etc/radius_config
>> auth_param basic children 5
>> auth_param basic realm Authorized access
>> auth_param basic credentialsttl 5 minute
>> auth_param basic casesensitive on
>>
>> acl auth proxy_auth REQUIRED
>> acl vip src "/etc/squid/vip_bypass_auth.txt"
>>
>> http_access allow auth
>> http_access allow vip
>> http_access deny all
>>
>>
>>
>> File "/etc/squid/vip_bypass_auth.txt" contains IP 192.168.4.51 - my
>> testing PC
>>
>> But an internet browser in the testing PC asks for login and password,
>> after escaping it the "access to squid is denied" :-/
>>
>> What did I missed ?
>>
>> Thanks for kicks to the right way and best regards
>> J.Karliak.
>>
>
>
>

-- 
Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a
DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu,
zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji.
My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP)
policy and check. If you've problem with sending emails to me, start
using email origin methods mentioned above. Thank you.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Received on Tue Jun 04 2013 - 12:33:08 MDT

This archive was generated by hypermail 2.2.0 : Tue Jun 04 2013 - 12:00:10 MDT