Topic: proxy user authentication on SME 512

[Daley Lay]

Hi There,

Pls help, my proxy user authentication is stop working, i don't know what is the problem, the user is bypsssing the password prompt to access the internet now, what shd i do???

regards,
Daley

[Lloyd Keen]

Check /etc/squid/squid.conf file for auth rules. Can't remember exactly but should be something like "http access proxy_auth REQUIRED" followed by some ACL's. If this is not present - rebuild the template with /sbin/e-smith/expand-template /etc/squid/squid.conf and also try restarting squid /etc/rc.d/init.d/squid restart or maybe service squid restart.

[Edgar]

is any howto for this??Lloyd Keen wrote:
>
> Check /etc/squid/squid.conf file for auth rules. Can't
> remember exactly but should be something like "http access
> proxy_auth REQUIRED" followed by some ACL's. If this is not
> present - rebuild the template with
> /sbin/e-smith/expand-template /etc/squid/squid.conf and also
> try restarting squid /etc/rc.d/init.d/squid restart or maybe
> service squid restart.

[Daley Lay]

How about the http://linux.made-to-order.net/article138.html??? does it help...

[Lloyd Keen]

Quick howto:
Download the rpm from here: http://www.comnetel.com/tmp-mitel-pam-auth-0.1-1.noarch.rpm
Installation:
#rpm -Uvh tmp*
restart squid:
#/etc/rc.d/init.d/squid restart
Now set your browser to use the proxy server.

[Daley Lay]

Hi Keen,

I'm currently running squidguard30, can i install it???

[Lloyd Keen]

I haven't really had a look at Trevor's stuff, I presume its for blocking porn or similar. The rpm that I used will basically just authenticate all valid e-smith users through squid. I imagine that those authenticated users are then passed on to squidguard for further authentication - so YES it should work just fine.

[Daley]

well, i assume this is the password authentication for proxy user to access through squid, what about your earlier mentioned - check /etc/squid/squid.conf file for auth rules and http access proxy_auth REQUIRED" and rebuild the template.

Thanks.

[Lloyd Keen]

This rpm will add those lines to /etc/squid/squid.conf for you.

[Edgar]

Its necesary to configure the browsers to use the proxy?, i read that sme 5.1.2 has transparent proxy by default, or am i wrong? and if you had to configure the browsers how can you block the clients that doesnt use it (i mean only nat)?

[Lloyd Keen]

Yes you MUST set the browser to use the proxy server, you can't authenticate against a Transparent Proxy (which e-smith has by default). If you want to block particular users then you'd setup an Access Control List for those users.

[Patrick Schepers]

I'm using e-smith-squid on 4.1.2

Works just fine. You configure it by browser

http://e-smith.dyndns.org/

Cheers

[Daley Lay]

Hi Patrick,

yes, but the e-smith-squid does not really work on 5.1.2.

[Daley Lay]

Hi Keen,

It is using the /etc/passwd to authenticate, well, if you look at the e-smith-squid installed, you will have the separate passwd control for authentication check which is stored /etc/squid/squidpasswd, this means that only selected users are allow to access internet,  how can i change it???

[Daley Lay]

Hi Keen,

> This rpm will add those lines to /etc/squid/squid.conf for you.
what lines added?

[FredS]

Edgar wrote:
>
> Its necesary to configure the browsers to use the proxy?, i

Have a look here if you are running IE

http://www.drbig.co.uk/sdownload/index.php?op=showfiles&catid=6

You can then set IE to autodiscovery with this installed and it will then save all the config hassle

[Daley]

Hi Edgar,

There two versions, which one shd i install? Thkx.

[Daley]

Hi Edgar,

Pls help, i can't download the file... tmp-mitel-proxy-discovery-0.1-1.noarch.rpm or tmp-mitel-proxy-discovery-0.1-1.src.rpm...

[Edgar]

Can you help Daley with download Fred?

[Edgar]

i got no problem with downloading the file, you got to use the noarch version, the other one is the source!

[Daley Lay]

Hi Ed,

Downloaded but file name 'download.php', tried IE and opera... this file is only auto discover the proxy, in order words, as long as your user in /etc/passwd,  then they are allow to access the net.

In view of the e-smith-squid.xxx.rpm, it created the difference 'squidpasswd' passwd file for authentication check, which means that only selected user is allow. can i split the squid passwd check instead of using the /etc/passwd?

Regards,
Daley