Hi kalinix
Thanks for your correct info. It now works as expected.
I am really happy about your rules.
Thank you very much
indunil
On 3/24/07, kalinix calin.kalinix.cosma@gmail.com wrote:
On Sat, 2007-03-24 at 12:06 +0530, Indunil Jayasooriya wrote:
Hi List,
I want to bind an ip address to a username with squid by using squid password file.
I am using the ncsa_auth programme. Below are the lines that I have added to the squid.conf file.
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
We are currently browsing internet with usernames and passwords. But the problem is a user can access internet from all the workstation with his username and password. I do not need it. I only want a user to access internet from his machine.
Solution to that is binding an ip address to an username. Then, A user can access internet from that particular ip.
I searched a lot on the internet. I found some info. I tried a lot. But I still have not been able to solve this issue.
Some info I found from the Internet says perl script can do it.
Pls see below URLs for it.
http://iits.uap.edu.ph/~jpira/footnotes/squid.html
http://www.visolve.com/squid/squid30/externalsupport.php
Pls note that I am not a programmer. So I do not know any perl nor do I know any python stuff.
So I do not want to go with above urls.
But, I found an easy method from squid list. Pls see below URLS .
http://www.squid-cache.org/mail-archive/squid-users/200208/0033.html
http://www.squid-cache.org/mail-archive/squid-users/200208/0029.html
These above URLS are fine for me. The above URLS say,
put the IP add in squid passwd
I did it. Pls see below for my squid_passwd file.
[root@worldnet ~]# cat /etc/squid/squid_passwd
indunil:TeiAQ3uqXDQNg:192.168.101.25
www:Oi4THedCcN0nQ
web:qsTaT6v2loN5g
It has bound user indunil to ip address 192.168.101.25 .
But user indunil still can access internet from any ip . Why is that? Where did I go wrong?
I think that it is an easy task.
Pls help me to solve this issue. It is urgent.
-- Thank you Indunil Jayasooriya
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
You should check whether you have ip_user_check (locate ip_user_check). Normally it comes with squid installation, on CentOS it should be in /usr/lib/squid/.
Then you may want to generate a config file, which should contain the list of ips and users (like <IP> <USER>).
Then you should add a line in your squid config file (e.g. ip.txt):
external_acl_type IP_USER %SRC %LOGIN /usr/lib/squid/ip_user_check -f /path/to/config/file/ip.txt
After ncsa acl you should define a new acl like this:
acl IP_USER external IP_USER %SRC %LOGIN
Once this has completed you may want to rewrite the rules, like:
http_access deny !ncsa_users
http_access deny !IP_USER
http_access allow IP_USER
http_access allow ncsa_users
You can check the ip_user_check after you have created the config file from a command line, issuing the command:
/usr/lib/squid/ip_user_check -f /path/to/config/file/ip.txt
Then if you type the right ip user pair you will get an OK message, and if you type a wrong pair you will get an ERR message.
For further reading:
http://devel.squid-cache.org/external_acl/
http://www.squid-cache.org/mail-archive/squid-users/200409/0961.html (the code might be a little fuzzy)
http://www1.ru.squid-cache.org/mail-archive/squid-users/200303/1304.html
http://linuxportal.ru/forums/index.php/m/31853/#msg_31853 (is in russian, but the code is still in english :D )
HTH
Calin
================================================= Appendix: A portion of a book, for which nobody yet has discovered any use.
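Added example, not part of the original thread and not the source of the ip_user_check helper shipped with Squid: a minimal Python stand-in for the helper exchange described in the reply above (one "IP USER" request per line on stdin, OK or ERR per line on stdout). The function names, the sample bindings and the CIDR support are assumptions made for illustration; usernames are compared case-insensitively to match the "casesensitive off" setting in the quoted squid.conf.

```python
#!/usr/bin/env python3
"""Illustrative external ACL helper: allow a login only from its bound source IP."""
import ipaddress
import sys

def load_bindings(lines):
    """Parse '<IP-or-CIDR> <USER>' lines into (network, lowercase user) pairs."""
    bindings = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            continue  # ignore malformed entries rather than guess their meaning
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue
        bindings.append((net, fields[1].lower()))
    return bindings

def check(bindings, request):
    """Return 'OK' if the '%SRC %LOGIN' request matches a binding, else 'ERR'."""
    fields = request.split()
    if len(fields) < 2:
        return "ERR"  # fail closed: address or login missing
    try:
        src = ipaddress.ip_address(fields[0])
    except ValueError:
        return "ERR"
    user = fields[1].lower()
    for net, bound_user in bindings:
        if bound_user == user and src in net:
            return "OK"
    return "ERR"  # unknown user or wrong workstation

# Constructed sample data, mirroring the binding from the original question.
SAMPLE = ["# ip user", "192.168.101.25 indunil", "192.168.101.0/24 www"]

def main(path):
    with open(path) as fh:
        bindings = load_bindings(fh)
    for request in sys.stdin:
        sys.stdout.write(check(bindings, request) + "\n")
        sys.stdout.flush()  # Squid waits for one answer line per request

if __name__ == "__main__" and len(sys.argv) == 2:
    main(sys.argv[1])
```

Because the check fails closed, any account without an entry in the mapping file is denied once "http_access deny !IP_USER" is in place, so every user in squid_passwd needs a line there.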