On Sat, 19 Feb 2005, Colin O'Keeffe wrote:

I'm new to Squid, very new! All I can do is compile it.

Now here's the story.
I have my users in a MySQL db that RADIUS uses to authenticate them.

The user, in their IP configuration, has a gateway in of the router.
Now when they make a request the request is routed to Squid. (a lot of
people do this?)

My question is, can I use the MySQL db with users info in it to act as
an ACL so I can turn on / off people's access through the proxy (if
they're being naughty)? Would Squid be able to know which IP the
request is coming from if it's going through a router?


If you can devise a method whereby you can look up the username from the IP address then you can plug this into Squid via the external_acl directive.


If you configure the clients to use the proxy you can also configure Squid to require authentication, asking the user to provide his login+password and have Squid verify this either directly to MySQL or via RADIUS. This is done via the "auth_param basic program" directive.


As there is no standard on how accounts are stored in MySQL databases there is no standard helper available, but writing an authentication helper for Squid is not hard. All the helper needs to do is to read username password pairs as input and echo back OK/ERR indicating if the login was valid or not.

Similar for the external_acl helpers. These just read the data specified as input (in your case the client IP) and echo back if this is OK and optionally which username to associate the request with.

Regards
Henrik
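
The external_acl helper described in the reply above, as an added example that is not part of the original message or of Squid itself. Assumptions: an in-memory sqlite3 table stands in for the MySQL user database, the `ip_users` table and its columns are hypothetical, and the helper path and ACL names in the comments are placeholders.

```python
# Squid external_acl helper: client IP -> username (added example).
# Assumed squid.conf wiring; helper path and ACL names are hypothetical:
#   external_acl_type ip_user %SRC /usr/local/bin/ip_user_helper.py
#   acl known_user external ip_user
#   http_access allow known_user
import ipaddress
import re
import sqlite3
import sys

SAFE_USER = re.compile(r"[A-Za-z0-9._@-]{1,64}")

def build_sample_db():
    """Constructed sample data; sqlite3 stands in for the MySQL user db."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ip_users (ip TEXT PRIMARY KEY, username TEXT, enabled INTEGER)")
    db.executemany("INSERT INTO ip_users VALUES (?, ?, ?)", [
        ("192.0.2.10", "alice", 1),
        ("192.0.2.11", "bob", 0),  # access switched off by the admin
    ])
    return db

def answer(db, line):
    """Return the reply for one request line; anything unexpected is ERR."""
    fields = line.split()
    if len(fields) != 1:
        return "ERR"
    try:
        ip = str(ipaddress.ip_address(fields[0]))
        row = db.execute(  # bound parameter, never string formatting
            "SELECT username FROM ip_users WHERE ip = ? AND enabled = 1", (ip,)
        ).fetchone()
    except (ValueError, sqlite3.Error):
        return "ERR"  # fail closed on bad input or a database error
    if row is None or not SAFE_USER.fullmatch(row[0]):
        return "ERR"
    return "OK user=" + row[0]

def main():
    db = build_sample_db()
    for line in sys.stdin:  # one lookup per line until Squid closes stdin
        print(answer(db, line), flush=True)  # Squid waits on every reply

if __name__ == "__main__":
    main()
```

Setting `enabled` to 0 for a row is what turns a user's access off; the helper then answers ERR for that address.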


