Squid local authentification not working



  • Hi,
     Untill now i used squid as transparent proxy with unrestricted ip's list, it's working like this fine, but i want to change it to local authentification…when this is enable with user and pasword enable i can authentificate but it's not working ! acess is blocked by proxy...it's lilke when the ip is not in that unrestricted list ! i remove the ip from list and after i created local authentification for proxy...still not working i authentificate and after i get blocked...how can i resolve this ?

    Thanks



  • Enable and check access.log and cache.log(/var/squid/logs) to see what is not working.



  • Well is authentificated wit user and pasword but after i got acess blocked.
    In sarg reports/realtime i got the user and pasword that is appear in there.
    After authentification enable is like ip is not in unrestricted ip's list but after authentification is required and after entering credentialls.



  • Still not working i installed squid 3 even now after authentification i got acess denied like ip is missing in the unrestricted ip's list, in this way is working with no authentification/with unrestricted ip's. In reports i get tcp_denied, even the authentification is successfully, users are created correctly…what the problem can be ?



  • nobody use local authentification on new squid3 ??



  • I did it on a test machine.

    These are the acls created using blacklist,unrestricted ips and user authentication.

    # These hosts do not have any restrictions
    http_access allow unrestricted_hosts
    # Block access to blacklist domains
    http_access deny blacklist
    auth_param basic program /usr/local/libexec/squid/ncsa_auth /var/etc/squid.passwd
    auth_param basic children 10
    auth_param basic realm autenticacao
    auth_param basic credentialsttl 60 minutes
    acl password proxy_auth REQUIRED
    http_access allow unrestricted_hosts
    http_access allow password localnet
    http_access allow password allowed_subnets
    
    

    access/deny order is:
    unrestricted ips
    banned sites
    user authentication.



  • First, local authentification should work without any ACLs ? i don't want any restriction just authentification and after that browsing like the ip is in unrestricted ip's list(the transparent way).
      By the way this function/option is not working:

    Requiere authentication for unrestricted hosts:
    If this option is enabled, even users tagged as unrestricted through access control are required to authenticate to use the proxy.

    When is enable and ip is in the unrestricted list i got acess without prompt for credentials !



  • @bmironb:

    When is enable and ip is in the unrestricted list i got acess without prompt for credentials !

    Now I got it.

    I've pushed a fix right now, wait 15 minutes and reinstall the package.

    att,
    Marcello Coutinho



  • Many thanks ! i was sure it's a bug…not it's working fine...but in this way: if that option is not enable and ip is not in list after authentification i got acess denied. It's working like this: ip in unrestricted list, option enable i got prompt for credentials authentification succesully and it's working !!! i assumed this is the good way working(for me it's fine like this) ? but still...local/others way of authentifications are made to bypass the ACLs list in particulary unrestricted ip's ? why it can not be a working proxy for whatever the ip is...and based on authentification ?

    Another thing, my proxy is on wan and it's working fine but it's strange that is working also on lan ! :D of course with my dynamic dns adress entered, it should work like this if proxy interface selected is wan and i'm entering from lan

    It's fine that is working now ! thanks a lot !!


Locked