search for: external_acl_type

Hi All, i was trying to configure proxy server, which will authenticate only for the users in group called "internet" that's in my Windows2003 ADS previously i configured my proxy server for all users in my domain and it was working well i think, i have some problem using external_acl_typel Please Help Following is my present squid configuration squid-2.5.STABLE6-3.4E.11 ========================================================= auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param ntlm max_challenge_reuses 0 auth_param...

...an access Internet from their ips. Now I want a few users to prevent from accessing all the sites. But Instead, I want them to allow to access a few sites scuh as google.com,cnn.com, bbc.com. I want to limit in that way. I have wriiten below rules. But those users still can access all the sites. external_acl_type ip_user %SRC %LOGIN %DST /usr/lib/squid/ip_user_check -f /etc/squid/ip.conf acl ncsa_users proxy_auth REQUIRED acl ip_users external ip_user %SRC %LOGIN %DST http_access deny !ncsa_users http_access deny !ip_users http_access allow ip_users http_access allow ncsa_users my ip.conf file is like th...

Hi Roy and calin.kalinix.cosma, Thanks for your help all the given to me. Finally, I got it done. Binding an ip address to an username with SQUID and limiting access of some users with their ips to a few sites rules added to squid.conf file external_acl_type ip_user %SRC %LOGIN /usr/lib/squid/ip_user_check -f /etc/squid/ip.conf acl ncsa_users proxy_auth REQUIRED acl ip_users external ip_user %SRC %LOGIN acl clientips src 192.168.101.28 192.168.101.29 192.168.101.30 acl allowedsites url_regex -i "/etc/squid/allowedsites.txt" http_access den...

jajaja ok, you made me laugh I want the firewall to have the ability to see samba users and groups to be able to make firewall rules not only by ip, but also by users 2018-06-01 11:48 GMT-03:00 Rowland Penny via samba <samba at lists.samba.org>: > On Fri, 1 Jun 2018 11:36:47 -0300 > Carlos Bordon via samba <samba at lists.samba.org> wrote: > > > tell me , what you

I've not clear if is a squid or a samba/ntlm_auth trouble... indeed... In Squid i've added: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=LNFFVG --require-membership-of='LNFFVG\Domain Users' auth_param ntlm children 5 but in 'cache.log' i got: Winbindd lookupname failed to resolve 'LNFFVG\Domain into a SID! Winbindd

...hildren 20 auth_param ntlm keep_alive on # NTLM basic auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --domain=MYDOMINIO auth_param ntlm children 20 auth_param basic children 20 auth_param basic realm Proxy midominio.comu auth_param basic credentialsttl 1 hours external_acl_type ldap_group children-max=20 %LOGIN /usr/lib/squid3/ext_wbinfo_group_acl authenticate_ttl 1 hours authenticate_ip_ttl 1 hours krb5.conf [libdefaults] default_realm = MYDOMINIO.COM dns_lookup_kdc = no dns_lookup_realm = no ticket_lifetime = 24h default_keytab_name = /etc/squid3/PROXY.keytab...

...REALM \ #Or if you dont have the SPN set. --kerberos /usr/lib/squid/negotiate_kerberos_auth -r -i -s GSS_C_NO_NAME \ --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOM And use ldap for the groups. Amos explain these thing better then me ;-) Google this : [squid-users] external_acl_type LDAP for acl NOT related to auth And Re: [squid-users] Any suggestions or comments about my configuration? squid 3.5.20 And you have a good group example ;-), 2 resent answered questions with some very good group examples. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba...

hello, samba is setup PDC with ldap client : windows xp pro sp2 server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard is it possible to create an automatic logon with internet explorer ? perhaps with ntlm_auth, but i can't find the good sentence. thanks.

...omes with squid installation, on CentOS it should be > in /usr/lib/squid/. > > Then you may want to generate a config file, which should contain the > list of ips and users (like <IP> <USER>). > > Then you should add a line in your squid config file (e.g. ip.txt): > external_acl_type IP_USER %SRC %LOGIN /usr/lib/squid/ip_user_check > -f /path/to/config/file/ip.txt > > After ncsa acl you should define a new acl like this: > > acl IP_USER external IP_USER %SRC %LOGIN > > Once this has completed you may want to rewrite the rules, like: > > > http_acce...

...SPN set. --kerberos > /usr/lib/squid/negotiate_kerberos_auth  -r -i -s GSS_C_NO_NAME \  >     --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego -- > domain=NTDOM > > And use ldap for the groups. Amos explain these thing better then me > ;-)  > Google this : [squid-users] external_acl_type LDAP for acl NOT > related to auth > And Re: [squid-users] Any suggestions or comments about my > configuration? squid 3.5.20 > And you have a good group example ;-), 2 resent answered questions > with some very good group examples.  ntlm_auth can also do negotiate (which is much m...

...winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/bash Auth lines from my squid.conf file: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic external_acl_type grupo ttl=900 concurrency=70 % LOGIN /usr/sbin/wbinfo_group.pl acl acesso external grupo internet acl CONNECT method CONNECT acl rede proxy_auth REQUIRED src 172.31.16.0/24 http_access allow acesso If I change to just authenticate users against the AD it works, but group restrictions don't......

On 8/13/2015 9:23 AM, Jefferson P. S. Emerick wrote: > Good Morning. > > So.. anybody else have this same issue? Slow ldap authentication? > > -- > Grato, > Jefferson Parreira dos Santos Emerick > > 2015-01-20 9:52 GMT-02:00 Jefferson Parreira dos Santos Emerick < > jeparre at gmail.com>: > >> I have many corporate systems that connect to Samba 4 for

Hi List, I want to bind an ip address to a username with squid by using squid password file. I am using ncsa_auth programme. Below are line that I have added to squid.conf file. auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic

On 19/10/15 16:46, mathias dufresne wrote: > AD from Samba or Microsoft is mainly a database for storing users (and > associated stuffs). It comes also with stuffs (protocols) to connect and > retrieve information. > > How the client uses these information is, as always, a choice from that > specific client. > > Your AD client is your Squid/Squidguard(ian) server. Its job