Squid local authentification not working
Untill now i used squid as transparent proxy with unrestricted ip's list, it's working like this fine, but i want to change it to local authentification…when this is enable with user and pasword enable i can authentificate but it's not working ! acess is blocked by proxy...it's lilke when the ip is not in that unrestricted list ! i remove the ip from list and after i created local authentification for proxy...still not working i authentificate and after i get blocked...how can i resolve this ?
Enable and check access.log and cache.log(/var/squid/logs) to see what is not working.
Well is authentificated wit user and pasword but after i got acess blocked.
In sarg reports/realtime i got the user and pasword that is appear in there.
After authentification enable is like ip is not in unrestricted ip's list but after authentification is required and after entering credentialls.
Still not working i installed squid 3 even now after authentification i got acess denied like ip is missing in the unrestricted ip's list, in this way is working with no authentification/with unrestricted ip's. In reports i get tcp_denied, even the authentification is successfully, users are created correctly…what the problem can be ?
nobody use local authentification on new squid3 ??
I did it on a test machine.
These are the acls created using blacklist,unrestricted ips and user authentication.
# These hosts do not have any restrictions http_access allow unrestricted_hosts # Block access to blacklist domains http_access deny blacklist auth_param basic program /usr/local/libexec/squid/ncsa_auth /var/etc/squid.passwd auth_param basic children 10 auth_param basic realm autenticacao auth_param basic credentialsttl 60 minutes acl password proxy_auth REQUIRED http_access allow unrestricted_hosts http_access allow password localnet http_access allow password allowed_subnets
access/deny order is:
First, local authentification should work without any ACLs ? i don't want any restriction just authentification and after that browsing like the ip is in unrestricted ip's list(the transparent way).
By the way this function/option is not working:
Requiere authentication for unrestricted hosts:
If this option is enabled, even users tagged as unrestricted through access control are required to authenticate to use the proxy.
When is enable and ip is in the unrestricted list i got acess without prompt for credentials !
Many thanks ! i was sure it's a bug…not it's working fine...but in this way: if that option is not enable and ip is not in list after authentification i got acess denied. It's working like this: ip in unrestricted list, option enable i got prompt for credentials authentification succesully and it's working !!! i assumed this is the good way working(for me it's fine like this) ? but still...local/others way of authentifications are made to bypass the ACLs list in particulary unrestricted ip's ? why it can not be a working proxy for whatever the ip is...and based on authentification ?
Another thing, my proxy is on wan and it's working fine but it's strange that is working also on lan ! :D of course with my dynamic dns adress entered, it should work like this if proxy interface selected is wan and i'm entering from lan
It's fine that is working now ! thanks a lot !!