I just put iptables on our squid box and noticed some very strange
activity (IPs have been changed to protect the innocent):
[44165032.82] Dropped default (OUTPUT): IN= OUT=eth0
SRC=MY.PROXY.IP.ADDRESS DST=SOME.RANDOM.IP.ADDR LEN=40 TOS=0x00
PREC=0x00 TTL=64 ID=41807 DF PROTO=TCP SPT=3128 DPT=
Indeed, after a bit of poking about it seems that you hit the nail on
the head now I am trying to figure out how to alter the expiration
times in iptables but that is a topic for another list if my google
time proves fruitless.
THANKS!
Pat
On Fri, 2007-05-04 at 21:52 +0200, Kinkie wrote:
This section works perfectly at my site
auth_param basic program /usr/lib/squid/ldap_auth
-bou=People,dc=iwu,dc=edu -f "(&(ProxyAccess=yes)(uid=%s))"
ldap.domain.tld:389
It binds as the user doing the login so no passwords need to be
recorded.
Pat
On Tue, 2007-05-15 at 14:40 +0200, Frank Bonne
GIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi Pat, squid-users,
>
> On 05/15/2007 09:55 AM, Pat Riehecky wrote:
> > This section works perfectly at my site
> >
> > auth_param basic program /usr/lib/squid/ldap_auth
> > -bou=People,dc=iwu,dc=edu -f "(&
Or depending on your setup and server os you could have squid point at
pam and have pam utilize the 3 ldap servers as the back end...
The former suggestion is better in my opinion, but pam would get the job
done (while introducing the joys of winbind possibly)
The script makes more sense but
This is a bit of a odd duck, but
The university I work for has a bunch of library pages that can only be
accessed from on campus as they are hosted off site and authenticated by
IP address. However, they want currently enrolled students to be able
to use those pages from off campus as about 3
