Restrict User-Access with NTLMSSP (ntlm_auth)
Hello msew,
Assuming you want to authenticate squid using ncsa_auth.
To enable these modules to work, give make and make install under squid-src dir/auth_modules, move the corresponding auth to /usr/local/squid/bin and set authenticate_program according to that.
Squid Conf:
To turn on NCSA authentication, edit some directives in squid.conf, which is under /usr/local/squid/etc.
authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd
This tells Squid where to find the authenticator. Next we have to create an ACL.
acl auth_users proxy_auth REQUIRED
http_access allow auth_users
Creating password file:
We should be able to use the htpasswd program that is distributed with Apache to make the password file. Then in our squid.conf set the authenticate_program line to include the name of the password file as above.
e.g. htpasswd from Apache (it's also supposed to be on squid.nlanr.net). So get apache_x.y.z.tar.gz (I have apache 1.3.9), tar-gunzip it and generate the /usr/local/squid/etc/passwd file.
The first time, use the following command to create a new password file.
htpasswd -c /usr/local/squid/etc/passwd <user>
e.g. /usr/bin/htpasswd -c /usr/local/squid/etc/passwd saru
New password:
Re-type new password:
Adding password for user saru
Subsequently, to add users, use
htpasswd /usr/local/squid/etc/passwd <user>
e.g. /usr/bin/htpasswd /usr/local/squid/etc/passwd uma
New password:
Re-type new password:
Adding password for user uma
Run ncsa_auth as Command Line:
Go to the /usr/local/squid/bin directory where ncsa_auth is already moved and give ./ncsa_auth <passwd file>
e.g. [root@polytest bin]# ./ncsa_auth /usr/local/squid/etc/passwd
username password
ex...
saru saru
OK
lor lor
ERR
Note: [root@polytest NCSA]# make install
/usr/bin/install -c ncsa_auth /usr/local/squid/bin
which implies that it will move ncsa_auth to the .../squid/bin directory.
Thanks and Regards,
-Kanchana
squid@visolve.com
www.visolve.com
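The exchange shown in the command-line test above (a "username password" line in, OK or ERR back), as an added example that is not part of the original post and is not Squid's ncsa_auth code. It assumes constructed entries in the {SHA} format that `htpasswd -s` writes rather than htpasswd's default scheme, and all function names are hypothetical.

```python
import base64, hashlib, hmac, io, sys

def sha_entry(user, password):
    """Build one 'user:{SHA}base64(sha1(password))' line, as `htpasswd -s` writes."""
    digest = hashlib.sha1(password.encode()).digest()
    return user + ":{SHA}" + base64.b64encode(digest).decode()

# Constructed sample file; the passwords are made up for this example.
SAMPLE_PASSWD = "\n".join([
    "# constructed entries",
    sha_entry("saru", "saru"),
    sha_entry("uma", "uma-secret"),
])

def load_passwd(text):
    """Parse 'user:hash' lines into a dict, skipping blanks and comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            user, stored = line.split(":", 1)
            table[user] = stored
    return table

def check(table, user, password):
    """True only if the user exists and the password hashes to the stored value."""
    stored = table.get(user, "")
    if not stored.startswith("{SHA}"):
        return False          # unknown user or unsupported scheme
    candidate = sha_entry(user, password).split(":", 1)[1]
    return hmac.compare_digest(candidate.encode(), stored.encode())

def answer(table, request_line):
    """One helper exchange: 'username password' in, 'OK' or 'ERR' out."""
    parts = request_line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2 or not all(parts):
        return "ERR"          # malformed request line
    return "OK" if check(table, *parts) else "ERR"

def serve(table, requests, replies):
    """Answer every request line; flush each reply, since the caller waits for it."""
    for line in requests:
        replies.write(answer(table, line) + "\n")
        replies.flush()

if __name__ == "__main__":
    # Replays the session from the post: a valid user, then an unknown one.
    serve(load_passwd(SAMPLE_PASSWD), io.StringIO("saru saru\nlor lor\n"), sys.stdout)
```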
----- Original Message -----
From: msew-bangalore
To: Chemolli Francesco (USI)
Cc: squid-users@squid-cache.org
Sent: Thursday, December 13, 2001 2:01 PM
Subject: Re: [squid-users] Restrict User-Access with NTLMSSP (ntlm_auth)
First of all, thanks for the prompt reply.
But I want to implement this in my existing squid proxy configuration. I'm not using NTLM, only the NCSA auth module, and my settings in the squid.conf file are as below:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl password proxy_auth REQUIRED
acl allowed_hosts src 192.9.205.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow manager localhost
http_access deny manager
http_access allow password
http_access allow allowed_hosts
http_access deny all
Please help me
----- Original Message -----
From: Chemolli Francesco (USI)
To: 'Freitag, Thoralf' ; 'squid-users@squid-cache.org'
Sent: Thursday, December 13, 2001 01:55 PM
Subject: RE: [squid-users] Restrict User-Access with NTLMSSP (ntlm_auth)
acl allowed_user proxy_auth -i domain\user [ domain\user .... ]
acl allowed_domain dstdomain .some.domain.com
acl HTTP url_regex ^http://
acl REQUIRED proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
http_access allow http allowed_domain allowed_user
http_access deny REQUIRED
http_access deny all
Please in the future refrain from using HTML-formatted posts to
mailing lists. It makes answering difficult. Thanks
--
/kinkie
-----Original Message-----
From: Freitag, Thoralf [mailto:freitag@berlinerglas.de]
Sent: Thursday, December 13, 2001 8:16 AM
To: 'squid-users@squid-cache.org'
Subject: [squid-users] Restrict User-Access with NTLMSSP (ntlm_auth)
Hello,
I installed and configured Squid (squid-head-200112110000) successfully. Not all of our Windows users should have web access to the whole net. The older basic auth module MSNT is capable of handling this (files allowusers, denyusers). How do I configure this with NTLMSSP? Installing an identd on all the machines and making a combined acl is not workable.
Thanks for your help.
Kind regards
Thoralf Freitag
Berliner Glas KGaA Herbert Kubatz GmbH & Co.
IT-Servicecenter
Tel. +49-30-60905-555 (Hotline)
Tel. +49-30-60905-152 (direct)
Fax +49-30-60905-100
mail Thoralf.Freitag@berlinerglas.de
web http://www.berlinerglas.de
Received on Thu Dec 13 2001 - 06:22:05 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:20 MST