gustavo0904
(usa Debian)
Enviado em 22/04/2017 - 00:24h
Ola , pessoal boa noite
estou com um problema
estou tentando implantar um squid autenticando com o AD.
consigo listar os grupos e users normal .
criei algumas ACL de teste e Grupo com a liberação
Porém, quando configuro o IP do meu proxy no navegador e tento navegar, ele fica solicitando usuário e senha, mas não consigo navegar com nenhum usuário e senha que informo.
conseguem me ajudar ?
Vou colocar o meu squid.conf aqui para uma analise .
estou usando Debian
# Squid normally listens to port 3128
# No listen address is given, so the port is not tied to a single interface;
# who may actually use the proxy is decided only by the http_access rules below.
http_port 3128
# Preference between IPv6 and IPv4: try IPv4 addresses first
dns_v4_first on
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid3 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid3
# Visible Hostname
# This name is what Squid presents about itself (e.g. in generated error pages),
# so the internal host name below is disclosed to every client of the proxy.
visible_hostname srvspoxvproxy01.mlsf.infra
# Add any of your own refresh_pattern entries above these.
# refresh_pattern rules are checked in order and the first matching regex wins;
# the catch-all "." entry must therefore stay last.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# NOTE(review): 128.1.0.0/16 is not one of the RFC 1918 private ranges
# (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) - confirm it really is the
# internal network before trusting this ACL in any allow rule.
acl localnet src 128.1.0.0/16 # internal network as configured by the author (not an RFC 1918 range)
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
# Ports a CONNECT tunnel may target (enforced by "http_access deny CONNECT !SSL_ports").
# Every port listed here widens what can be tunnelled, unseen, through the proxy.
acl SSL_ports port 443
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
# Ports plain requests may target (enforced by "http_access deny !Safe_ports").
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# The range below already contains 8002, 8086, 8443 and 43843-43845, so the
# individual entries for those ports further down are redundant (harmless,
# but they suggest a tighter allow-list than the one actually in force).
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8002 # CPJ Embracon
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 8443 # HTTPS - Mercedes Benz
acl Safe_ports port 43843 # VNC
acl Safe_ports port 43844 # VNC
acl Safe_ports port 43845 # VNC
acl Safe_ports port 8086 # ICAPTO
# NOTE(review): "purge" is defined but no http_access rule in this file uses it.
# If cache purging is meant to be supported, restrict it explicitly (for
# example to localhost); otherwise remove the ACL.
acl purge method PURGE
acl CONNECT method CONNECT
#######################################################
# Recommended minimum Access Permission configuration:#
# http_access rules are evaluated top to bottom and   #
# the first rule that matches decides the request.    #
# Deny requests to certain unsafe ports #
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports #
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost #
http_access allow localhost manager
http_access deny manager
#######################################################
#########################################################################
# Example rule allowing access from your local networks. #
# Adapt localnet in the ACL section to list your (internal) IP networks #
# from where browsing should be allowed #
# Left commented out: localnet clients get no address-based access here. #
# http_access allow localnet #
# Requests originating on the proxy host itself are allowed without authentication. #
http_access allow localhost
#########################################################################
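###########################################################################################################
############### SETTINGS FOR SITES WITHOUT AUTHENTICATION HERE ###########################################
############### ACLS ######################################################################################
# The http_access allow lines in this section come before any authentication
# ACL, so a request that matches one of them is served without credentials.
#
# Fixed: Squid directives are not terminated by ';'. The trailing ';' was read
# as part of the last pattern ("Java/1.9;", "Java;", "\.jar;"), so those
# patterns did not match what was intended.
# "browser" ACLs are regular expressions matched against the User-Agent header.
acl java_app browser Java/1.4 Java/1.5 Java/1.6 Java/1.7 Java/1.8 Java/1.9
# Fixed: the stray word "regexp" was itself parsed as a pattern.
# With -i this matches any User-Agent containing "java", which already covers
# everything java_app matches.
acl java_vm browser -i Java
acl java urlpath_regex -i \.class$ \.jar
# Fixed: dots are escaped so they match a literal '.'; the trailing "/*"
# (zero or more slashes) added nothing to the match and was dropped.
# NOTE(review): url_regex matches this text anywhere in the URL; a dstdomain
# ACL would tie the exception to the host name only.
acl libjava url_regex javadl-esd\.sun\.com
acl liberados_SA dstdom_regex -i "/etc/squid3/perez/liberado_semautenticacao"
###########################################################################################################
############### PERMISSION FOR SITES WITHOUT AUTHENTICATION HERE ##########################################
# The User-Agent header and the URL are supplied by the client, so on their own
# these exceptions would skip authentication for anyone who can reach the proxy
# port. Each one is therefore limited to source addresses in the localnet ACL.
http_access allow localnet java
http_access allow localnet java_app
http_access allow localnet java_vm
http_access allow localnet libjava
http_access allow localnet liberados_SA
###########################################################################################################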
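###########################################################################################################
# Authentication method #
# Two schemes are configured: NTLM, and Basic as a fallback. Both use Samba's
# ntlm_auth helper, which depends on a working winbindd on this host.
# NOTE(review): if the browser keeps prompting no matter which credentials are
# typed, check the helper first: run it as the Squid user and look in cache.log
# for helper errors. On Debian a usual cause is that the Squid user is not a
# member of the winbindd_priv group and so cannot reach winbindd's privileged
# pipe - verify on this host.
# NOTE(review): NTLM is a legacy scheme; where the domain allows it, Kerberos
# via "auth_param negotiate" is the stronger choice.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 200
auth_param ntlm keep_alive on
# Basic sends the user name and password only base64-encoded, unencrypted, on
# every request between browser and proxy. Keep it only if some clients cannot
# use NTLM.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic realm Squid Proxy - Cache de Internet perez
# Squid asks the helper again for a given user/password pair only after this
# interval, so a disabled account or changed password can keep working at the
# proxy for up to 8 hours.
# Fixed: this directive was listed twice with the same value; one copy removed.
auth_param basic credentialsttl 8 hours
auth_param basic children 60
# Group lookup helper; %LOGIN makes it require an authenticated user name.
# NOTE(review): /usr/lib64 is unusual on Debian, where the squid3 package
# normally installs its helpers under /usr/lib/squid3/ - verify that this file
# exists and is executable by the Squid user.
external_acl_type grupo_ad %LOGIN /usr/lib64/squid/ext_wbinfo_group_acl
###########################################################################################################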
##################################################################
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS #
##################################################################
###############################
# Active Directory ACLs HERE  #
###############################
# Passes the group name "intoperacao" to the grupo_ad external helper;
# presumably matches when the authenticated user is a member of that AD group
# (verify with the helper on this host).
acl ad_intoperacao external grupo_ad intoperacao
#########################
# Permission ACLs HERE  #
#########################
# NOTE(review): this ACL is defined but no http_access line in this file uses
# it, so members of the group are not limited to the domains in that file.
# Confirm whether the allow rule below was meant to include it.
acl acesso_intoperacao_dominio dstdomain "/etc/squid3/intoperacao_dominio"
#####################################
# Allow/deny rules HERE             #
#####################################
# ALLOW RULES
# "all" and Safe_ports add no restriction here (other ports were already
# rejected by "http_access deny !Safe_ports"), so the effective condition is
# group membership only, from any source address.
# NOTE(review): consider also requiring localnet so that valid AD credentials
# alone are not enough to use the proxy from an unexpected network.
# NOTE(review): a user who authenticates but is not in the group should fall
# through to "deny all" and see an access-denied page; endless credential
# prompts therefore point at the authentication helpers rather than at group
# membership - confirm in access.log and cache.log.
http_access allow all Safe_ports ad_intoperacao
# DENY RULES
# And finally deny all other access to this proxy
http_access deny all