[squid-users] Transparent Authentication

From: Ian <barnracoon@dont-contact.us>
Date: Mon, 30 Apr 2007 15:28:33 +0200

Hi,

Please excuse my ignorance on this one, but I can't seem to get this
working correctly. What I'm trying to do is run an LDAP authenticator
for anyone that isn't part of the local network (i.e. remote cache from
home or something). I am also transparently redirecting all traffic
inbound on an interface to the cache. Now there are two problems that
I am stumped with.

The relevant parts of my squid.conf file:

auth_param basic program /usr/local/etc/ldap_auth.sh
auth_param basic children 5
auth_param basic realm my.server.net Cache LDAP Authentication
auth_param basic credentialsttl 2 hours
http_port 3128 transparent

acl LDAP proxy_auth REQUIRED
acl ALLOWIP src "/usr/cache/lists/allowip.list"

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow ALLOWIP
http_access allow LDAP
http_access deny all

Okay. So the first problem is in cache.log I have the following:
2007/04/30 13:16:40| strtokFile: /usr/cache/lists/allowip.list not found
2007/04/30 13:16:40| aclParseAclLine: WARNING: empty ACL: acl ALLOWIP
src "/usr/cache/lists/allowip.list"

Now that file exists fine:
[root@my] ~ # ls -l /usr/cache/lists/allowip.list
-rwxrwxrwx 1 root www 44 Apr 30 12:57 /usr/cache/lists/allowip.list
[root@my] ~ #

And the contents:
10.10.0.0/255.255.0.0
10.11.0.0/255.255.0.0

Any idea why squid won't read it?

Then the second problem is that for the LDAP auth I am getting this in
the cache.log when someone is transparently redirected and their IP
isn't in the ACL:

aclAuthenticated: authentication not applicable on transparently
intercepted requests.

Now, I have done transparent auth using LDAP before and it's only since
I upgraded to 2.6 from 2.5 that this started.

The transparent cache works fine if I don't have any authenticators
running or if I point to it. I am running squid 2.6 Stable 10. The
authenticators work fine if I point to the cache so it's just the
combination of the two that's causing the problem.

Thanks in advance...
Ian
Received on Mon Apr 30 2007 - 07:28:36 MDT
