Re: [squid-users] Restrict User-Access with NTLMSSP (ntlm_auth)

From: Visolve.com <squid@dont-contact.us>
Date: Thu, 13 Dec 2001 18:56:07 +0530

Hello msew,

Assuming you want to authenticate squid using ncsa_auth.
To enable these modules to work, run make and make install under
squid-src dir/auth_modules, move the corresponding
auth module to /usr/local/squid/bin, and set authenticate_program
accordingly.

Squid Conf:

To turn on NCSA authentication, edit some directives in squid.conf, which is
under /usr/local/squid/etc.

 authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd

This tells Squid where to find the authenticator. Next we have to
create an ACL.

 acl auth_users proxy_auth REQUIRED
 http_access allow auth_users

Creating the password file:

We should be able to use the htpasswd program that is distributed with
Apache to make the password file. Then in our
squid.conf, set the authenticate_program line to include the name of the
password file as above.

e.g. htpasswd from Apache (it's also supposed to be on squid.nlanr.net). So
get apache_x.y.z.tar.gz (I have Apache 1.3.9),
untar and gunzip it, and generate the /usr/local/squid/etc/passwd file.

The first time, use the following command to create a new password file.

    htpasswd -c /usr/local/squid/etc/passwd <user>

e.g. /usr/bin/htpasswd -c /usr/local/squid/etc/passwd saru
New password:
Re-type new password:
Adding password for user saru

Subsequently, to add users, use

    htpasswd /usr/local/squid/etc/passwd <user>

e.g. /usr/bin/htpasswd /usr/local/squid/etc/passwd uma
New password:
Re-type new password:
Adding password for user uma

Run ncsa_auth from the command line:

Go to the /usr/local/squid/bin directory, where ncsa_auth has already been
moved, and run ./ncsa_auth <passwd file>

e.g. [root@polytest bin]# ./ncsa_auth /usr/local/squid/etc/passwd
username password
ex...
saru saru
OK
lor lor
ERR

Note: [root@polytest NCSA]# make install
/usr/bin/install -c ncsa_auth /usr/local/squid/bin which implies that it will
move ncsa_auth to the .../squid/bin directory.

Thanks and Regards,
-Kanchana
squid@visolve.com
www.visolve.com

----- Original Message -----
From: msew-bangalore
To: Chemolli Francesco (USI)
Cc: squid-users@squid-cache.org
Sent: Thursday, December 13, 2001 2:01 PM
Subject: Re: [squid-users] Restrict User-Access with NTLMSSP (ntlm_auth)

First of all, thanks for the prompt reply.
But I want to implement this in my existing squid proxy configuration. I'm
not using NTLM, only the NCSA auth module, and my settings in the squid.conf
file are as below:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl password proxy_auth REQUIRED
acl allowed_hosts src 192.9.205.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow manager localhost
http_access deny manager
http_access allow password
http_access allow allowed_hosts
http_access deny all
Please help me.

----- Original Message -----
From: Chemolli Francesco (USI)
To: 'Freitag, Thoralf' ; 'squid-users@squid-cache.org'
Sent: Thursday, December 13, 2001 01:55 PM
Subject: RE: [squid-users] Restrict User-Access with NTLMSSP (ntlm_auth)

acl allowed_user proxy_auth -i domain\user [ domain\user .... ]
acl allowed_domain dstdomain .some.domain.com
acl HTTP url_regex ^http://
acl REQUIRED proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
http_access allow http allowed_domain allowed_user
http_access deny REQUIRED
http_access deny all

Please in the future refrain from using HTML-formatted posts to
mailing lists. It makes answering difficult. Thanks

--
        /kinkie
-----Original Message-----
From: Freitag, Thoralf [mailto:freitag@berlinerglas.de]
Sent: Thursday, December 13, 2001 8:16 AM
To: 'squid-users@squid-cache.org'
Subject: [squid-users] Restrict User-Access with NTLMSSP (ntlm_auth)
Hello,
I installed and configured Squid (squid-head-200112110000) successfully.
Because not all of our Windows users should have web access to the whole net.
The older basic auth module MSNT is capable of handling this (files
allowusers, denyusers). How do I configure this with NTLMSSP? Installing an
identd on all the machines and making a combined acl is not workable.
Thanks for your help.
Kind regards,
Thoralf Freitag
Berliner Glas KGaA
Herbert Kubatz GmbH & Co.
IT-Servicecenter
Tel. +49-30-60905-555 (Hotline)
Tel. +49-30-60905-152 (direct)
Fax +49-30-60905-100
mail Thoralf.Freitag@berlinerglas.de
web  http://www.berlinerglas.de
Received on Thu Dec 13 2001 - 06:22:05 MST
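
The ncsa_auth command-line session in the first reply shows the helper exchange: one "username password" line in, "OK" or "ERR" out. The sketch below is an added example, not code from this thread or from Squid; it implements that exchange and fails closed on malformed input. The names check, load_passwd, sha_entry and SAMPLE_DB are hypothetical, and it assumes password-file entries in htpasswd's {SHA} form, chosen only because the standard library can verify it.

```python
#!/usr/bin/env python3
"""Minimal basic-auth helper speaking the 'username password' -> OK/ERR protocol."""
import base64
import hashlib
import hmac
import sys


def sha_entry(password):
    """Apache htpasswd '{SHA}' form: base64 of the SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def load_passwd(lines):
    """Parse 'user:hash' lines; skip blanks, comments and malformed rows."""
    db = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, stored = line.split(":", 1)
        db[user] = stored
    return db


def check(line, db):
    """Return 'OK' or 'ERR' for one 'username password' request line."""
    user, sep, password = line.rstrip("\r\n").partition(" ")
    if not sep or not user:
        return "ERR"            # malformed request: fail closed
    stored = db.get(user, "")
    if not stored.startswith("{SHA}"):
        return "ERR"            # unknown user or unsupported hash scheme
    computed = sha_entry(password).encode("utf-8")
    # Constant-time comparison of the stored and computed entries.
    return "OK" if hmac.compare_digest(computed, stored.encode("utf-8")) else "ERR"


def main(argv):
    with open(argv[1], encoding="utf-8") as fh:
        db = load_passwd(fh)
    for line in sys.stdin:
        sys.stdout.write(check(line, db) + "\n")
        sys.stdout.flush()      # the proxy waits on each reply; never buffer


# Constructed sample data, not the thread's real password file.
SAMPLE_DB = load_passwd(["saru:" + sha_entry("saru"), "", "broken-row"])

if __name__ == "__main__" and len(sys.argv) == 2:
    main(sys.argv)
```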
