[squid-users] Re: sample squid.conf

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 26 Mar 2003 02:05:00 +0100

# Configure Basic authentication with radius as backend
# (see Related Software)
auth_param basic program /path/to/squid_rad_auth ...
[... is options as per the squid_rad_auth documentation]
[other auth_param basic directives as per squid.conf.default]

# Require users to log in
acl login proxy_auth REQUIRED
http_access deny !login

As and alternative to squid_rad_auth you can use the PAM authenticator
shipped with Squid, but this assumes you are familiar with how to
configure the PAM radius client..

Regards
Henrik

James Ambursley wrote:
>
> radius
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> Sent: Tuesday, March 25, 2003 3:18 PM
> To: James Ambursley
> Subject: RE: sample squid.conf
>
> What password source are you trying to connect to? (NCSA / LDAP /
> Windows Domain / Radius / UNIX(PAM) / ...)
>
> Which authentication scheme? (Basic / NTLM / Digest? If unsure Basic..)
>
> Which Squid version?
>
> Regards
> Henrik
>
> tis 2003-03-25 klockan 19.37 skrev James Ambursley:
> > i am trying to create a working squid.conf which shows authentication. I have tried with various parameters and have not been successful.
> >
> >
> > -----Original Message-----
> > From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> > Sent: Tuesday, March 25, 2003 11:55 AM
> > To: James Ambursley
> > Subject: RE: sample squid.conf
> >
> >
> > What for?
> >
> >
> > tis 2003-03-25 klockan 16.01 skrev James Ambursley:
> > > Could you send me a sample squid.conf file, please.
> > >
> > >
> > > -----Original Message-----
> > > From: Henrik Nordstrom [mailto:hno@squid-cache.org]
> > > Sent: Tuesday, March 25, 2003 2:59 AM
> > > To: Ken Thomson
> > > Cc: squid-users@squid-cache.org
> > > Subject: Re: [squid-users] NTLM Authentication using the SMB helper -
> > > need help with access log problems
> > >
> > >
> > > Ken Thomson wrote:
> > >
> > > > The server operates fine, and the authentication works as
> > > > expected. My problem lies with the access.log file.
> > > > Every request from a client is first denied and then
> > > > accepted after being authenticated. This happens to
> > > > *EVERY* request.
> > >
> > > Yes, this is because of how NTLM authentication works.
> > >
> > > On each new TCP connection from the browser the following happens
> > >
> > > 1a. Browser sends request without authentication
> > > 1b. Rejected by Squid as there is no authentication, squid proposing to
> > > use NTLM
> > > 2a. Browser sends request with a NTLM NEGOTIATE packet embedded in the
> > > headers
> > > 2b. Rejected by Squid with a NTLM CHALLENGE packet embedded in the
> > > headers
> > > 3a. Browser sends request with a NTLM AUTHENTICATE packet embedded in
> > > the headers
> > > 3b. Connection accepted by Squid if the authentication is successful.
> > > This request and any future requests on the same TCP connection is
> > > forwarded.
> > >
> > > All responses by Squid is logged.
> > >
> > > If this disturbs your log statistics then filter out TCP_DENIED/407
> > > lines with no username before processing the logs.
> > >
> > > Regards
> > > Henrik
> --
> Henrik Nordstrom <hno@squid-cache.org>
> MARA Systems AB, Sweden
Received on Tue Mar 25 2003 - 18:20:49 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:20 MST