proxy
Vlad, 2020-09-21 09:47:49

Squid authorization basic_ncsa_auth + AD authorization?

Good afternoon.
OS: CentOS Linux release 7.8.2003 (Core)
Linux 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Configured squid on CentOS 7.
Authorization is configured via Kerberos AD. It works.
I also set up authorization by login and password (file with login / password).
It is interesting that separately both authorizations work.
When authorization by AD is enabled, authorization by login and password from a file stops working.
Can you please tell me if it is possible to configure both of these authorizations together?

Squid.conf
[[email protected] squid]# squid -k parse
2020/09/21 09:44:59| Startup: Initializing Authentication Schemes ...
2020/09/21 09:44:59| Startup: Initialized Authentication Scheme 'basic'
2020/09/21 09:44:59| Startup: Initialized Authentication Scheme 'digest'
2020/09/21 09:44:59| Startup: Initialized Authentication Scheme 'negotiate'
2020/09/21 09:44:59| Startup: Initialized Authentication Scheme 'ntlm'
2020/09/21 09:44:59| Startup: Initialized Authentication.
2020/09/21 09:44:59| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2020/09/21 09:44:59| Processing: acl localnet src 192.168.50.0/24 # RFC1918 possible internal network
2020/09/21 09:44:59| Processing: acl localnet src 192.168.60.0/24 # RFC1918 possible internal network
2020/09/21 09:44:59| Processing: acl localnet src 192.168.23.0/24 # RFC1918 possible internal network
2020/09/21 09:44:59| Processing: auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -d -s HTTP/[email protected]
2020/09/21 09:44:59| Processing: auth_param negotiate children 60
2020/09/21 09:44:59| Processing: auth_param negotiate keep_alive on
2020/09/21 09:44:59| Processing: acl auth proxy_auth REQUIRED
2020/09/21 09:44:59| Processing: auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/auth_users
2020/09/21 09:44:59| Processing: auth_param basic children 60
2020/09/21 09:44:59| Processing: auth_param basic realm MTS GW
2020/09/21 09:44:59| Processing: auth_param basic credentialsttl 1 minute
2020/09/21 09:44:59| Processing: acl user_auth proxy_auth REQUIRED
2020/09/21 09:44:59| Processing: http_access allow user_auth
2020/09/21 09:44:59| Processing: acl IP_ACL src "/etc/squid/IP_ACL" # Access List allow ip addresses
2020/09/21 09:44:59| Processing: acl SSL_ports port 443
2020/09/21 09:44:59| Processing: acl Safe_ports port 80 # http
2020/09/21 09:44:59| Processing: acl Safe_ports port 21 # ftp
2020/09/21 09:44:59| Processing: acl Safe_ports port 443 # https
2020/09/21 09:44:59| Processing: acl Safe_ports port 70 # gopher
2020/09/21 09:44:59| Processing: acl Safe_ports port 210 # wais
2020/09/21 09:44:59| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2020/09/21 09:44:59| Processing: acl Safe_ports port 280 # http-mgmt
2020/09/21 09:44:59| Processing: acl Safe_ports port 488 # gss-http
2020/09/21 09:44:59| Processing: acl Safe_ports port 591 # filemaker
2020/09/21 09:44:59| Processing: acl Safe_ports port 777 # multiling http
2020/09/21 09:44:59| Processing: acl CONNECT method CONNECT
2020/09/21 09:44:59| Processing: http_access deny !Safe_ports
2020/09/21 09:44:59| Processing: http_access deny CONNECT !SSL_ports
2020/09/21 09:44:59| Processing: http_access allow localhost manager
2020/09/21 09:44:59| Processing: http_access deny manager
2020/09/21 09:44:59| Processing: http_access allow auth
2020/09/21 09:44:59| Processing: http_access allow IP_ACL
2020/09/21 09:44:59| Processing: http_access allow localhost
2020/09/21 09:44:59| Processing: http_access deny all
2020/09/21 09:44:59| Processing: http_port 3128
2020/09/21 09:44:59| Processing: error_directory /usr/share/squid/errors/ru-ru
2020/09/21 09:44:59| Processing: error_default_language en
2020/09/21 09:44:59| Processing: cache_dir ufs /var/spool/squid 1024 32 256
2020/09/21 09:44:59| Processing: coredump_dir /var/spool/squid
2020/09/21 09:44:59| Processing: refresh_pattern ^ftp: 1440 20% 10080
2020/09/21 09:44:59| Processing: refresh_pattern ^gopher: 1440 0% 1440
2020/09/21 09:44:59| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2020/09/21 09:44:59| Processing: refresh_pattern . 0 20% 4320
2020/09/21 09:44:59| Initializing https proxy context

CityCat4, 2020-09-21

Banned from Google? :) Articles on the subject of authentication in AD and local lists were written at the beginning of the 2000s, and nothing has changed since then.
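
An added example, not part of the original thread: a small audit of the posted `squid -k parse` output. It lists the auth schemes in the order Squid reads them (the order they are offered to clients), the `proxy_auth` ACLs, and every `http_access allow` rule placed ahead of a negated-ACL deny, which matters because `http_access` is first-match. The names `audit`, `directives` and `PARSE_OUTPUT` are hypothetical, and the sample is a constructed subset of the posted lines.

```python
# Constructed sample: a subset of the `squid -k parse` lines quoted in the question.
PARSE_OUTPUT = """\
2020/09/21 09:44:59| Processing: auth_param negotiate children 60
2020/09/21 09:44:59| Processing: acl auth proxy_auth REQUIRED
2020/09/21 09:44:59| Processing: auth_param basic children 60
2020/09/21 09:44:59| Processing: acl user_auth proxy_auth REQUIRED
2020/09/21 09:44:59| Processing: http_access allow user_auth
2020/09/21 09:44:59| Processing: http_access deny !Safe_ports
2020/09/21 09:44:59| Processing: http_access deny CONNECT !SSL_ports
2020/09/21 09:44:59| Processing: http_access allow localhost manager
2020/09/21 09:44:59| Processing: http_access deny manager
2020/09/21 09:44:59| Processing: http_access allow auth
2020/09/21 09:44:59| Processing: http_access deny all
"""
MARK = "| Processing: "

def directives(text):
    """Directives in the order squid read them, trailing comments stripped."""
    rows = []
    for line in text.splitlines():
        if MARK in line:
            rows.append(line.split(MARK, 1)[1].split(" #", 1)[0].split())
    return rows

def audit(text):
    rows = directives(text)
    schemes = []
    for r in rows:
        if r[0] == "auth_param" and r[1] not in schemes:
            schemes.append(r[1])  # schemes are offered in first-appearance order
    auth_acls = [r[1] for r in rows if r[0] == "acl" and r[2:3] == ["proxy_auth"]]
    rules = [r[1:] for r in rows if r[0] == "http_access"]
    findings = []
    for i, rule in enumerate(rules):
        if rule[0] != "allow":
            continue
        # http_access is first-match: a deny with a negated ACL (a port guard)
        # listed after this allow is never evaluated for requests it matches.
        for later in rules[i + 1:]:
            if later[0] == "deny" and any(a.startswith("!") for a in later[1:]):
                findings.append((" ".join(rule), " ".join(later)))
    return {"schemes": schemes, "auth_acls": auth_acls, "bypassed_guards": findings}

if __name__ == "__main__":
    report = audit(PARSE_OUTPUT)
    print("schemes, in offer order:", report["schemes"])
    print("proxy_auth ACLs:", report["auth_acls"])
    for allow, guard in report["bypassed_guards"]:
        print(f"'http_access {allow}' precedes 'http_access {guard}'")
```

On the posted configuration this reports that `http_access allow user_auth` sits above the `Safe_ports` and `CONNECT` restrictions, so authenticated requests are allowed before those checks run, and that `auth` and `user_auth` are the same `proxy_auth REQUIRED` ACL.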
