Indunil Jayasooriya
2007-Mar-24 06:36 UTC
[CentOS] Binding an ip address to an username with SQUID password file
Hi List,

I want to bind an ip address to a username with squid by using squid password file.

I am using ncsa_auth programme. Below are the lines that I have added to squid.conf file.

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

We are currently browsing internet with usernames and passwords. But the problem is a user can access internet from all the workstations with his username and password. I do not need it. I only want a user to access internet from his machine.

Solution to that is binding an ip address to a username. Then, a user can access internet from that particular ip.

I searched a lot from the internet. I found some info. I tried a lot. But I still have not been able to solve this issue.

Some info I found from the Internet says perl script can do it.

Pls see below URLs for it.

http://iits.uap.edu.ph/~jpira/footnotes/squid.html
http://www.visolve.com/squid/squid30/externalsupport.php

Pls note that I am not a programmer. So I do not know any perl nor do I know any python stuff.

So I do not want to go with above URLs.

But, I found an easy method from squid list. Pls see below URLs.

http://www.squid-cache.org/mail-archive/squid-users/200208/0033.html
http://www.squid-cache.org/mail-archive/squid-users/200208/0029.html

These above URLs are fine for me. The above URLs say,

put the IP add in squid passwd

I did it. Pls see below for my squid_passwd file.

[root@worldnet ~]# cat /etc/squid/squid_passwd
indunil:TeiAQ3uqXDQNg:192.168.101.25
www:Oi4THedCcN0nQ
web:qsTaT6v2loN5g

It has bound user indunil to ip address 192.168.101.25.

But user indunil still can access internet from any ip. Why is that? Where did I go wrong?

I think that it is an easy task.

Pls help me to solve this issue. It is urgent.

--
Thank you
Indunil Jayasooriya
kalinix
2007-Mar-24 16:23 UTC
[CentOS] Binding an ip address to an username with SQUID password file
On Sat, 2007-03-24 at 12:06 +0530, Indunil Jayasooriya wrote:
> Hi List,
>
> I want to bind an ip address to a username with squid by using squid
> password file.
>
> I am using ncsa_auth programme. Below are the lines that I have added to
> squid.conf file.
>
> auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
>
> acl ncsa_users proxy_auth REQUIRED
> http_access allow ncsa_users
>
> We are currently browsing internet with usernames and passwords. But
> the problem is a user can access internet from all the workstations
> with his username and password. I do not need it. I only want a user
> to access internet from his machine.
>
> Solution to that is binding an ip address to a username. Then, a user
> can access internet from that particular ip.
>
> I searched a lot from the internet. I found some info. I tried a lot.
> But I still have not been able to solve this issue.
>
> Some info I found from the Internet says perl script can do it.
>
> Pls see below URLs for it.
>
> http://iits.uap.edu.ph/~jpira/footnotes/squid.html
> http://www.visolve.com/squid/squid30/externalsupport.php
>
> Pls note that I am not a programmer. So I do not know any perl nor do
> I know any python stuff.
>
> So I do not want to go with above URLs.
>
> But, I found an easy method from squid list. Pls see below URLs.
>
> http://www.squid-cache.org/mail-archive/squid-users/200208/0033.html
> http://www.squid-cache.org/mail-archive/squid-users/200208/0029.html
>
> These above URLs are fine for me. The above URLs say,
>
> put the IP add in squid passwd
>
> I did it. Pls see below for my squid_passwd file.
>
> [root@worldnet ~]# cat /etc/squid/squid_passwd
> indunil:TeiAQ3uqXDQNg:192.168.101.25
> www:Oi4THedCcN0nQ
> web:qsTaT6v2loN5g
>
> It has bound user indunil to ip address 192.168.101.25.
>
> But user indunil still can access internet from any ip. Why is that?
> Where did I go wrong?
>
> I think that it is an easy task.
>
> Pls help me to solve this issue. It is urgent.
>
> --
> Thank you
> Indunil Jayasooriya

You should check whether you have ip_user_check (locate ip_user_check). Normally it comes with squid installation, on CentOS it should be in /usr/lib/squid/.

Then you may want to generate a config file, which should contain the list of ips and users (like <IP> <USER>).

Then you should add a line in your squid config file (e.g. ip.txt):

external_acl_type IP_USER %SRC %LOGIN /usr/lib/squid/ip_user_check -f /path/to/config/file/ip.txt

After ncsa acl you should define a new acl like this:

acl IP_USER external IP_USER %SRC %LOGIN

Once this has completed you may want to rewrite the rules, like:

http_access deny !ncsa_users
http_access deny !IP_USER
http_access allow IP_USER
http_access allow ncsa_users

You can check the ip_user_check after you created the config file from a command line, issuing the command:

/usr/lib/squid/ip_user_check -f /path/to/config/file/ip.txt

then if you type the right pair ip user you will get an OK message and if you have a wrong pair you will get an ERR message.

For further reading:

http://devel.squid-cache.org/external_acl/
http://www.squid-cache.org/mail-archive/squid-users/200409/0961.html (the code might be a little fuzzy)
http://www1.ru.squid-cache.org/mail-archive/squid-users/200303/1304.html
http://linuxportal.ru/forums/index.php/m/31853/#msg_31853 (is in Russian, but the code is still in English :D )

HTH
Calin

================================================
Appendix: A portion of a book, for which nobody yet has discovered any use.
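
The OK/ERR exchange described in the reply above, as an added example that is not code from this thread and not the source of Squid's ip_user_check: with `external_acl_type ... %SRC %LOGIN`, the helper receives one "client-ip login" line per lookup on stdin and answers OK or ERR on stdout. The map contents, the function names and the acceptance of CIDR networks are assumptions made for illustration.

```python
import ipaddress
import sys

# Constructed sample map in the "<IP> <USER>" layout from the reply above.
SAMPLE_MAP = """\
# ip-or-network    user
192.168.101.25     indunil
192.168.101.0/28   www
"""

def load_map(text):
    """Parse '<IP> <USER>' lines into (network, username) pairs."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only or incomplete line
        net = ipaddress.ip_network(fields[0], strict=False)  # bare IP becomes /32
        rules.append((net, fields[1].lower()))
    return rules

def check(rules, request):
    """Answer one helper request line ('<src-ip> <login>') with OK or ERR."""
    parts = request.split()
    if len(parts) != 2:
        return "ERR"
    try:
        src = ipaddress.ip_address(parts[0])
    except ValueError:
        return "ERR"
    # The question sets 'casesensitive off', so logins are compared lower-cased.
    login = parts[1].lower()
    # Default deny: allow only an address explicitly paired with this login.
    ok = any(src in net and login == user for net, user in rules)
    return "OK" if ok else "ERR"

def serve(rules, stdin=sys.stdin, stdout=sys.stdout):
    """Helper loop: one answer per request line, flushed immediately."""
    for line in stdin:
        stdout.write(check(rules, line) + "\n")
        stdout.flush()  # the proxy waits on each reply

if __name__ == "__main__":
    serve(load_map(SAMPLE_MAP))
```

Run from a terminal, it behaves like the manual test in the reply: typing `192.168.101.25 indunil` returns OK, and the same login from any other address returns ERR.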