> -----Mensaje original-----
> De: gutl-l-boun...@jovenclub.cu [mailto:gutl-l-boun...@jovenclub.cu] En
> nombre de Adrian Martinez Perez
> Enviado el: Viernes, 30 de Enero de 2015 10:11 a.m.
> Para: Lista cubana de soporte técnico en Tecnologias Libres
> Asunto: [Gutl-l] problemas en squid 2.7
> 
> saludos lista
> 
> Hace unos días instalé mi servidor proxy Squid 2.7 en Debian 7,
> integrado a Active Directory; es decir, la autenticación es con los
> usuarios de Active Directory 2008. Pero tengo unos problemas: a los
> usuarios con navegación limitada a .cu les pide autorización cada 2 seg
> y no los deja navegar, y a los de navegación total no les pide
> autenticación... acá les dejo la configuración que tengo
> 
> 
> 
> # ------------- Listening port
> http_port 10.16.1.1:3128
> # NOTE(review): the httpd_accel_* directives below are the Squid 2.5 way of
> # configuring accelerator/transparent mode; from 2.6 on this is expressed as
> # http_port options, so 2.7 probably does not honour these four lines --
> # confirm with `squid -k parse`. If interception is really in use, proxy
> # authentication cannot work for the intercepted clients.
> httpd_accel_host virtual
> httpd_accel_port 3128
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> 
> #NTLM authentication
> #========================
> # Samba's ntlm_auth is used as the helper for both schemes defined below.
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 10
> # NOTE(review): this line sets keep_alive for the `negotiate` scheme, but no
> # `auth_param negotiate program` appears in the configuration shown;
> # presumably `auth_param ntlm keep_alive on` was intended -- confirm.
> auth_param negotiate keep_alive on
> #===================================================
> 
> #BASIC authentication
> #===========================
> # NOTE(review): Basic carries the AD user name and password only
> # base64-encoded on every request, so they are readable on the
> # client-to-proxy segment. Offering it next to NTLM lets a client fall back
> # to it; keep this scheme only if some clients cannot do NTLM.
> auth_param basic program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 10
> auth_param basic realm Servidor de Navegacion GEIA
> # credentialsttl: how long a validated user/password pair is accepted
> # before the helper is asked again.
> auth_param basic credentialsttl 30 minute
> auth_param basic casesensitive off
> 
> #How long user/IP associations are remembered
> #====================================
> # Only relevant together with a max_user_ip ACL (`maxuser` further down):
> # a user name stays tied to the recorded client address for this long.
> authenticate_ip_ttl 1 hours
> #==========================
> 
> #AD group authorization
> #===============
> # %LOGIN makes every ACL of this type require an authenticated user name,
> # which is handed to the helper. No ttl/negative_ttl/children options are
> # given, so Squid's defaults apply.
> external_acl_type adgroup %LOGIN /usr/lib/squid/wbinfo_group.pl
> 
> 
> #=================================#====================================
> ======
> # DISK CACHE OPTIONS
> #
> -----------------------------------------------------------------------
> ------
> 
> #  TAG: cache_dir
> cache_dir aufs /var/spool/squid 1024 16 256
> 
> 
> # TAG: cache mem
> cache_mem 256 MB
> # NOTE(review): the Squid directive is `cache_mgr`; `cache_mrg` as spelled
> # here is not a known directive, so the contact address is not being set.
> cache_mrg adrian.marti...@geia.telemar.cu
> 
> # Object Options
> maximum_object_size 400 MB
> 
> # LOGFILE OPTIONS
> #
> -----------------------------------------------------------------------
> ------
> 
> #  TAG: access_log
> access_log /var/log/squid/access.log squid
> 
> # NOTE(review): cache_access_log looks like the older name for access_log
> # and points at the same file as the line above -- presumably one of the
> # two is redundant; confirm.
> cache_access_log /var/log/squid/access.log
> 
> #  TAG: cache_log
> cache_log /var/log/squid/cache.log
> # NOTE(review): for the authentication loop described in the message,
> # sections 28 (access control) and 29 (authenticator) are presumably more
> # telling than 33 -- confirm against the Squid debug-sections list.
> debug_options ALL,1 33,2
> 
> #  TAG: cache_store_log
> cache_store_log /var/log/squid/store.log
> 
> 
> # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
> #
> -----------------------------------------------------------------------
> ------
> 
> #  TAG: cache_peer
> cache_peer 192.168.100.4 parent 3128 0 no-query default
> 
> #  TAG: hierarchy_stoplist
> hierarchy_stoplist cgi-bin ?
> 
> #  TAG: cache
> acl QUERY urlpath_regex cgi-bin \?
> 
> #  TAG: client_netmask
> # NOTE(review): client_netmask masks client addresses in the log files and
> # cachemgr output. This /22 mask is the same size as the `redlocal` network
> # (10.16.0.0/22), so every LAN client is logged under the network address
> # and per-host attribution in access.log is lost.
> client_netmask 255.255.252.0
> 
> # OPTIONS FOR FTP GATEWAYING
> #
> -----------------------------------------------------------------------
> ------
> 
> #  TAG: ftp_user
> ftp_user sq...@geia.cu
> 
> #  TAG: ftp_list_width
> ftp_list_width 32
> 
> #  TAG: ftp_passive
> ftp_passive on
> 
> #  TAG: ftp_sanitycheck
> ftp_sanitycheck on
> 
> # OPTIONS FOR TUNING THE CACHE
> #
> -----------------------------------------------------------------------
> ------
> 
> #  TAG: refresh_pattern
> # NOTE(review): `ignore-private` and `ignore-no-cache` make this shared
> # cache store replies the origin marked as private or not cacheable, so a
> # reply generated for one user can be served to another. The patterns
> # `.gif`, `.jpg`, `.png` and `.swf` are unanchored regexes whose dot matches
> # any character, so they apply to more than image/flash URLs.
> # The option lines that start without `refresh_pattern` look like mail
> # line-wrapping of the preceding line -- confirm against the real file.
> refresh_pattern ^ftp:           1440    200%    10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern .gif            4320    200%    10080 override-expire
> override-lastmod ignore-no-cache ignore-private
> refresh_pattern .jpg            4320    200%    10080 override-expire
> override-lastmod ignore-no-cache ignore-private
> refresh_pattern .png            4320    200%    10080 override-expire
> override-lastmod ignore-no-cache ignore-private
> refresh_pattern .swf            4320    200%    10080 override-expire
> override-lastmod ignore-no-cache ignore-private
> refresh_pattern ^http:          2880    200%    10080 override-expire
> override-lastmod
> refresh_pattern ^https:         2880    200%    10080 override-expire
> override-lastmod
> 
> logfile_rotate 3
> 
> max_filedescriptors 65536
> max_open_disk_fds 65536
> relaxed_header_parser on
> reload_into_ims on
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> client_lifetime 15 minutes
> read_timeout 5 minutes
> request_timeout 30 minutes
> #extension_methods NICK
> ie_refresh on
> ignore_expect_100 on
> vary_ignore_expire on
> 
> 
> 
> #Default ACLs
> #==================
> # `auth` matches any request that carries valid proxy credentials.
> acl auth proxy_auth REQUIRED
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> # NOTE(review): with a 255.255.255.255 mask this matches only the single
> # address 127.0.0.0, not 127.0.0.1 or the rest of the loopback range; the
> # stock definition uses 127.0.0.0/8.
> acl to_localhost dst 127.0.0.0/255.255.255.255
> acl apache rep_header Server ^Apache
> # NOTE(review): SSL_ports is what the `deny CONNECT !SSL_ports` rule checks.
> # Listing 80 and 22 here lets CONNECT tunnels be opened to plain-HTTP and
> # SSH ports; the stock list is 443 563.
> acl SSL_ports port 443 563 80 22
> acl Safe_ports port 80 21 22 443 563 873 2082 2083 3000
> acl all src all
> acl purge method PURGE
> acl CONNECT method CONNECT
> 
> #Limit browsing per IP
> #==========================
> # -s makes the limit strict: one client address per user name until
> # authenticate_ip_ttl expires.
> acl maxuser max_user_ip -s 1
> 
> ######access group_ldap#######
> # Group membership is resolved through the `adgroup` external helper.
> acl total external adgroup total
> acl nacional external adgroup nacional
> # Covers the whole week; not referenced by any rule in the configuration
> # shown.
> acl surftime time SMTWHFA 00:00-23:59
> 
> #acls GEIA
> #=================
> acl redlocal src 10.16.0.0/22
> acl geia dstdomain .geia.cu
> # NOTE(review): `webserver` is the same /22 as `redlocal`, i.e. the entire
> # LAN rather than one server; it is the ACL used to grant cache-manager
> # access further down.
> acl webserver src 10.16.0.0/22
> 
> ####acl jabber#########
> acl jabber dstdomain jabber.geia.cu
> 
> #######access  to domain#######
> acl cuba dstdomain .cu
> # A quoted path makes Squid read the patterns from that file.
> # `sitios` is not referenced by any rule in the configuration shown.
> acl sitios url_regex "/etc/squid/nacional"
> acl porno url_regex "/etc/squid/prohibidos"
> acl social url_regex "/etc/squid/red_social"
> # NOTE(review): dstdomain compares host names, so a CIDR value will not
> # match anything useful. Presumably the intent was to block URLs that use a
> # raw IP address; that needs a dst or url_regex ACL -- confirm.
> acl ip dstdomain 0.0.0.0/24
> 
> 
> ####Delay pool#### added by me
> #++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> # One pool of class 1, i.e. a single aggregate bucket shared by every
> # request that delay_access puts into it.
> delay_pools 1
> delay_class 1 1
> 
> # Format is restore/max in bytes.
> delay_parameters 1 25120/21004
> # NOTE(review): only `\.mp3` has its dot escaped and only `.mov$` is
> # anchored; the rest are unanchored regexes whose dot matches any
> # character, so they hit far more URLs than the file types named. The
> # continuation line looks like mail line-wrapping -- confirm against the
> # real file.
> acl magic_word url_regex \.mp3 .vqf .tar.gz .gz .rpm  .avi .mpeg .ram
> .rm .iso .raw .wav .mp4 .flv .mov$
> delay_access 1 allow magic_word
> 
> #delay_pools 1
> #delay_class 1 2
> #delay_parameters 1 100960/840960 80480/60480
> #acl publicidad url_regex http://*
> #delay_access 1 allow publicidad
> 
> 
> # Restricts the number of connections (limits -> IDA, DAP, downthemall,
> etc)
> acl descargas urlpath_regex -i \.avi$ \.mp4$ \.mp3$ \.mpg$ \.mpeg$
> \.mov$ \.ram$ \.vob$
> # maxconn 1 matches when a client address has more than one connection open.
> acl maxcon maxconn 1
> # This is the first http_access line in the file; it is keyed on the client
> # address and does not involve authentication.
> http_access deny descargas maxcon
> 
> 
> 
> #+++++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> #  TAG: http_access
> #always_direct allow chat
> always_direct allow geia
> always_direct allow jabber
> always_direct deny all
> #
> 
> 
> #Recommended minimum configuration:
> #
> # Only allow cachemgr access from localhost
> # http_access lines are evaluated top to bottom; the first line whose ACLs
> # all match decides the request.
> http_access allow manager localhost
> # NOTE(review): `webserver` is defined as 10.16.0.0/22, so this grants
> # cache-manager access to every host on the LAN, without authentication.
> http_access allow manager webserver
> http_access allow purge localhost
> http_access allow localhost
> # NOTE(review): `geia` is a destination-only ACL, so this allows any client
> # to reach .geia.cu with no authentication and no source-network test, and
> # it is placed before the Safe_ports and CONNECT checks.
> http_access allow geia
> # NOTE(review): with the next line commented out, cache-manager requests
> # that miss the two allow lines above are not rejected here; they fall
> # through to the later rules.
> #http_access deny manager
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> 
> #
> # We strongly recommend the following be uncommented to protect
> innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> #
> # NOTE(review): no rule follows the stock comment above; the only
> # `deny to_localhost` in this file sits near the end of the list, after
> # the allow rules.
> 
> 
> #+++++++++++  HTTP_ACCESS ++++++++++++++++++++++++++++++++++++++++++
> 
> ######site access control######
> http_access allow total auth !porno
> http_access allow nacional auth cuba
> http_access allow localhost
> # NOTE(review): members of `total` were already allowed above, so
> # `deny social` never applies to them.
> http_access deny social
> http_access deny porno
> # NOTE(review): likely cause of the repeated login prompt. A deny line
> # whose last ACL is authentication-related (here an external ACL using
> # %LOGIN) is answered with a new 407 challenge rather than a plain denial.
> # A `nacional` user requesting anything outside .cu -- including objects
> # embedded in a .cu page -- ends up on this line. Appending a
> # non-authentication ACL, e.g. `http_access deny !total all`, is the usual
> # way to get a normal "access denied" instead -- confirm on this version.
> http_access deny !total
> http_access deny !nacional
> # NOTE(review): every request from a user who is not in `total` has been
> # decided by this point, so the four deny lines below are in practice
> # never reached for traffic that was allowed above: the source-network
> # check (`redlocal`), the one-IP-per-user limit (`maxuser`) and the
> # loopback protection (`to_localhost`) are not enforced. They would have to
> # be placed before the allow lines to take effect.
> http_access deny ip
> http_access deny !redlocal
> http_access deny maxuser
> http_access deny to_localhost
> http_access deny all
> #broken_vary_encoding allow apache
> icp_access deny all
> miss_access allow all
> 
> 
> # ERROR PAGE OPTIONS
> #
> -----------------------------------------------------------------------
> ------
> 
> #  TAG: error_directory
> error_directory /usr/share/squid/errors/Spanish/
> 
> # OPTIONS INFLUENCING REQUEST FORWARDING
> #
> -----------------------------------------------------------------------
> ------
> 
> #  TAG: nonhierarchical_direct
> nonhierarchical_direct off
> 
> # DNS OPTIONS
> #
> -----------------------------------------------------------------------
> ------
> 
> #  TAG: dns_nameservers
> dns_nameservers 192.168.100.2
> 
> # MISCELLANEOUS
> #
> -----------------------------------------------------------------------
> ------
> # NOTE(review): presumably `off` makes Squid send `unknown` instead of the
> # client address in X-Forwarded-For, hiding internal addresses from the
> # parent proxy and origin servers -- confirm for 2.7.
> forwarded_for off
> half_closed_clients off
> 
> icon_directory /usr/share/squid/icons
> #  TAG: coredump_dir
> #coredump_dir c:/squid/var/cache
> # QUERY is the urlpath_regex ACL (cgi-bin and `?`) defined earlier in this
> # file; matching requests are never cached.
> cache deny QUERY
> hostname_aliases proxy.geia.cu
> 
> #icp_port 0
> 
> agradecido de antemano
> 
> 

Bueno, ¿y por qué empleas auth_param con basic y ntlm al mismo tiempo?


