Indunil Jayasooriya
2007-Mar-26 06:44 UTC
[CentOS] Binding an ip address to an username with SQUID passwod file (SOLVED)
Hi kalinix Thanks fro your correct info. It now works as expected. I am really happy about your rules. Thank you very much indunil On 3/24/07, kalinix <calin.kalinix.cosma at gmail.com> wrote:> > On Sat, 2007-03-24 at 12:06 +0530, Indunil Jayasooriya wrote: > > > > Hi List, > > > > I want to bind an ip address to a username with squid by using squid > > password file. > > > > I am using ncsa_auth programme. Below are line that I have added to > > squid.conf file. > > > > auth_param basic > > program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd > > auth_param basic children 5 > > auth_param basic realm Squid proxy-caching web server > > auth_param basic credentialsttl 2 hours > > auth_param basic casesensitive off > > > > acl ncsa_users proxy_auth REQUIRED > > http_access allow ncsa_users > > > > We are currently browsing internet with usernames and passwords. But > > the problem is a user can access internet from all the workstation > > with his username and password. I do not need it. I only want a user > > to access internet from his machine. > > > > Solution to that is binding an ip address to an username. Then, A user > > can access internet from that particular ip. > > > > I searche a lot from the internet. I found some info. I tried a lot. > > But I still have not been able to solve this issue. > > > > > > Some info I found from the Internet says perl script can do it. > > > > pls see below ulrs for it. > > > > http://iits.uap.edu.ph/~jpira/footnotes/squid.html > > > > http://www.visolve.com/squid/squid30/externalsupport.php > > > > Pls note that I am not a programmer. So I do not know any perl nor do > > I know any python stuff. > > > > So I do not want to go with above urls. > > > > But, I found an easy method from squid list. Pls see below URLS . > > > > > > http://www.squid-cache.org/mail-archive/squid-users/200208/0033.html > > > > http://www.squid-cache.org/mail-archive/squid-users/200208/0029.html > > > > These above URLS are fine for me. The above URLS say, > > > > put the IP add in squid passwd > > > > I did it. Pls see below for my squid_passwd file. > > > > [root at worldnet ~]# cat /etc/squid/squid_passwd > > indunil:TeiAQ3uqXDQNg:192.168.101.25 > > www:Oi4THedCcN0nQ > > web:qsTaT6v2loN5g > > > > It has bound user indunil to ip address 192.168.101.25 . > > > > But user indunil still can access internet from any ip . Why is that? > > Where did I go wrong? > > > > I think that it is an easy task. > > > > Pls help me to solve this issue. It is urgent. > > > > -- > > Thank you > > Indunil Jayasooriya > > > > > > > > _______________________________________________ > > CentOS mailing list > > CentOS at centos.org > > http://lists.centos.org/mailman/listinfo/centos > > You should check whether you have ip_user_check (locate ip_user_check). > Normally it comes with squid installation, on CentOS it should be > in /usr/lib/squid/. > > Then you may want to generate a config file, which should contain the > list of ips and users (like <IP> <USER>). > > Then you should add a line in your squid config file (e.g. ip.txt): > external_acl_type IP_USER %SRC %LOGIN /usr/lib/squid/ip_user_check > -f /path/to/config/file/ip.txt > > After ncsa acl you should define a new acl like this: > > acl IP_USER external IP_USER %SRC %LOGIN > > Once this has completed you may want to rewrite the rules, like: > > > http_access deny !ncsa_users > http_access deny !IP_USER > http_access allow IP_USER > http_access allow ncsa_users > > > You can check the ip_user_check after you created the config file from a > command line, issuing the comand: > > /usr/lib/squid/ip_user_check -f /path/to/config/file/ip.txt > > > then if you type the right pair ip user you will get an OK message and > if you have an wrong pair you will get an ERR message > > > For further reading: > > http://devel.squid-cache.org/external_acl/ > > http://www.squid-cache.org/mail-archive/squid-users/200409/0961.html > (the code might be a little fuzzy) > > http://www1.ru.squid-cache.org/mail-archive/squid-users/200303/1304.html > > > http://linuxportal.ru/forums/index.php/m/31853/#msg_31853 (is in > russian, but the code is still in english :D ) > > > > > HTH > > > > Calin > > ================================================> Appendix: A portion of a book, for which nobody yet has discovered any > use. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >-- Thank you Indunil Jayasooriya -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070326/996013c1/attachment.html>