Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Doug on December 04, 2001, 12:45:26 PM
-
Hi,
We are running e-smith 4.1.2 and use squid proxy authorisation and the squidGuard blacklists system.
I need to deny users using a particular workstation access to the internet even if they know the internet password.
Basically, any http requests from that machine should be denied regardless of the user.
In squid.conf I have:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
and then:
acl pwdprotect proxy_auth REQUIRED
http_access allow pwdprotect
What do I add to deny access to the proxy cache from machine 192.168.0.27?
Thanks for any help.
Also, has anyone stopped ICQ access from within their network?
-
I don't know, sorry, but I'd like to know how you set up
squid proxy authorisation.
Did you use the instructions on made-to-order?
They seem a little muddled to me, and I'd like confirmation before I dive in.
stephen
-
acl blockedip src 192.168.0.27
# this line goes before "http_access allow pwdprotect"
http_access deny blockedip
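The ordering point in the reply above, as an added example that is not part of the original thread: a simplified Python model of how Squid walks the http_access lines (first match wins), run over both possible orderings of the two rules. The sample configs, the user name `doug` and the "challenge" result standing in for Squid's 407 response are assumptions of this example.

```python
import ipaddress

class NeedAuth(Exception):
    """A proxy_auth ACL was reached but the request carried no credentials."""

def parse(conf):
    """Return ({acl_name: (type, args)}, [(action, [acl_names])]) in file order."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, src, user):
    kind, args = acls[name]
    if kind == "src":
        ip = ipaddress.ip_address(src)
        return any(ip in ipaddress.ip_network(a) for a in args)
    if kind == "proxy_auth":
        if user is None:
            raise NeedAuth(name)   # modelled on Squid's 407 challenge
        return args == ["REQUIRED"] or user in args
    raise ValueError(f"unsupported acl type: {kind}")

def decide(conf, src, user=None):
    """First matching http_access line wins: 'allow', 'deny' or 'challenge'."""
    acls, rules = parse(conf)
    if not rules:
        raise ValueError("no http_access lines to evaluate")
    try:
        for action, names in rules:
            # All ACLs on one line must match (AND); a leading '!' negates.
            if all(acl_matches(acls, n.lstrip("!"), src, user) != n.startswith("!")
                   for n in names):
                return action
    except NeedAuth:
        return "challenge"
    # Nothing matched: the default is the opposite of the last line.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed sample configs built from the ACL names used in this thread.
ACLS = "acl blockedip src 192.168.0.27\nacl pwdprotect proxy_auth REQUIRED\n"
DENY_FIRST = ACLS + "http_access deny blockedip\nhttp_access allow pwdprotect\n"
ALLOW_FIRST = ACLS + "http_access allow pwdprotect\nhttp_access deny blockedip\n"

if __name__ == "__main__":
    for label, conf in (("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)):
        print(label, decide(conf, "192.168.0.27", "doug"))
```

With the deny line first, the workstation is refused before any password prompt appears; with the allow line first, anyone who knows the password gets through from that machine.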
-
Yep, I did use the instructions from made to order.
Works fine.
Thanks Filippo for the instructions. I'll try them out tomorrow.
Thanks!
-
Doug wrote:
>
> yep, i did use the instructions from made to order.
> works fine.
Allowing for the difference in SME5,
I thought this would work; can you tell me why it doesn't?
1.
#new file /etc/pam.d/squid
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
2.
#squid.conf
add these four lines
#squid..90AddAuth
authenticate_program /usr/lib/squid/pam_auth
authenticate_children 5
acl pwdprotect proxy_auth REQUIRED
http_access allow pwdprotect
remove these two lines from templates marked by #
#http_access allow manager localsrc
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access allow localsrc
http_access deny all
3.
#run (this expands squid.conf)
/sbin/e-smith/signal-event network-create
regards
stephen
-
You're missing a chmod u+s /usr/lib/squid/pam_auth
-
Filippo Carletti wrote:
>
> You're missing a chmod u+s /usr/lib/squid/pam_auth
Thanks, but...
(Would someone else like to try this? My system may have modifications that are getting in the way.)
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
tail -f /var/log/squid/store.log
1007637260.439 RELEASE FFFFFFFF 403 -1 -1 -1 unknown -1/946 GET http://home.org/
1007637424.260 RELEASE FFFFFFFF 403 -1 -1 -1 unknown -1/952 GET http://e-smith.com/
tail -f /var/log/squid/access.log
1007637260.439 59 192.168.35.67 TCP_DENIED/403 1012 GET http://home.org/ - NONE/- -
1007637424.260 26 192.168.35.67 TCP_DENIED/403 1018 GET http://e-smith.com/ - NONE/- -
-
Comment out the deny all.
-
Thanks Doug,
I'm halfway there: I can get the auth box up, but it doesn't accept my username/password.
http://groups.yahoo.com/group/dungog_net/files/rpms/
has a new rpm, e-smith-pam_auth, which is a few custom fragments and instructions.
Do I have some volunteers to find my mistake?
regards
stephen
-
Does this rpm also work on SME 4.12?
IF NO THEN where can I download a compiled version of PAM_AUTH for SME4.12?
ELSE "Thank"
-
>Does this rpm also work on SME 4.12
It doesn't work at all!
>IF NO THEN where can I download a compiled version of
>PAM_AUTH for SME4.12
SME5 has it built in, so I didn't look. Try Google, rpmfind?