On Thu, May 08, 2003 at 10:03:34AM +0200, Fernando Ruza wrote:
> I'm having a small problem with Squid authentication. My conf regarding
> this is the following:
>
> auth_param basic program /usr/local/bin/smb_auth -W HGUV
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> acl domainusers proxy_auth REQUIRED
> acl our_networks src 10.36.192.0/22
> http_access allow our_networks
> http_access allow localhost
> http_access allow domainusers
> http_access deny all
>
> However, when I use a browser (mozilla or IE) it doesn't popup the
> authentication screen for the user and I'm able to visit any web site.
> Is this normal ?? Any reply will be apreciate.
Let me guess... you are trying from a workstation within the
10.36.192.0/22 network? Well, you have allowed that traffic in the first
http_access directive. Keep in mind that the ACLs are run top-down and
the first matching ACL is run and the rest ignored. So the
"our_network" matches and allows access. Squid never reaches the
domainusers ACL.
You may be better off with something like:
,-----[ squid.conf ]-----
| http_access deny !our_networks
| http_access allow localhost
| http_access allow domainusers
| http_access deny all
`---------------
Christoph
-- ~ ~ ".signature" [Modified] 3 lines --100%-- 3,41 AllReceived on Thu May 08 2003 - 16:58:23 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:28 MST