- Este tópico contém 1 resposta, 1 voz e foi atualizado pela última vez 10 anos, 11 meses atrás por
.
-
Posts
-
-
Pessoal por favor alguém sabe como autenticar o proxy no openldap.
Já tentei de todas as maneiras e não funcionou, segue abaixo meu squid.conf
Se alguém puder me ajudar eu agradeço e muito.
Uso o endian 3.0.5
Marcos Fuga
**********************************shutdown_lifetime 1 seconds
icp_port 0workers 1
http_port 0.0.0.0:3128 ssl-bump cert=/var/efw/proxy/https_cert generate-host-certificates=on
http_port 0.0.0.0:18080 intercept ssl-bump cert=/var/efw/proxy/https_cert generate-host-certificates=on
https_port 0.0.0.0:18081 intercept ssl-bump cert=/var/efw/proxy/https_cert generate-host-certificates=onssl_bump none localhost
acl bypass_windows dstdomain “/etc/squid/acls/https_bypass_rules.acl”
ssl_bump none bypass_windows
ssl_bump server-first all
acl https_proto proto https
always_direct allow https_proto
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEERhttp_port 127.0.0.1:8080
cache_effective_user squid
cache_effective_group squidpid_filename /var/run/squid.pid
cache_mem 40 MB
cache_dir rock /var/spool/squid 500 max-size=32768
error_directory /usr/share/squid/errors/en
icon_directory /usr/share/squid/icons
max_filedesc 38587
server_persistent_connections off
half_closed_clients off
buffered_logs on# START LOG
cache_log /var/log/squid/cache.log
access_log syslog:local6.info
cache_store_log noneaccess_log syslog:local4.info useragent
#/var/log/squid/useragent.log
strip_query_terms offlog_mime_hdrs off
# END LOG# FORWARD IP ADDRESS
forwarded_for delete# START AUTHENTICATION
auth_param basic program /usr/lib/squid/basic_ldap_auth -b dc=aesc,dc=org,dc=br -d -D cn=Administrator,ou=people,dc=pwaesc,dc=org,dc=br -w Senha -f “(&(objectClass=people)(sAMAccountName=%s))” -u sAMAccountName -v 3 -P 192.168.0.100:389# METHOD is LDAP
auth_param basic children 20
auth_param basic realm *
auth_param basic credentialsttl 60 minutes
external_acl_type ldap_group ttl=300 %LOGIN /usr/lib/squid/ext_ldap_group_acl -b dc=aesc,dc=org,dc=br -d -D cn=Administrator,ou=people,dc=pwaesc,dc=org,dc=br -w senha -f “(&(objectClass=people)(sAMAccountName=%u)(memberOf=%g))” -v 3 -P 192.168.0.100:389acl for_auth_rule0 proxy_auth “/etc/squid/groups/rule0”
acl for_auth_users proxy_auth REQUIREDauthenticate_ip_ttl 5 minutes
acl concurrent max_user_ip -s 2
# END AUTHENTICATION# network – acls
acl from_all src all
acl to_all dst allacl from_localhost src 127.0.0.1/32
acl CONNECT method CONNECTacl to_http_port port 80
acl to_https_port port 10443
acl to_proxy_port port 3128# proxy interfaces – acls
acl to_green_interface dst 192.168.0.221acl from_green src “/etc/squid/acls/green_subnets.acl”
acl to_green dst “/etc/squid/acls/green_subnets.acl”# allowed ports – acls
acl allowed_ports port “/etc/squid/acls/ports.acl”
acl allowed_sslports port “/etc/squid/acls/sslports.acl”acl within_timeframe_rule0 time MTWHFAS 00:00-24:00
# caching settings
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320cache deny from_localhost
cache deny CONNECT
cache allow from_all# http access to cachemanager
acl cachemanageracl proto cache_object
http_access allow cachemanageracl from_localhost
http_access deny cachemanageracl# snmp access settings
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic from_localhost
snmp_access deny from_all# http access to squid
http_access allow from_localhost
http_access allow from_green to_green_interface to_http_port
http_access allow from_green to_green_interface to_https_port
http_access allow CONNECT from_green to_green_interface to_https_port
http_access deny to_green_interface to_https_port
http_access deny to_green_interface to_proxy_porthttp_access deny !allowed_ports !allowed_sslports
http_access deny CONNECT !allowed_sslportshttp_access allow within_timeframe_rule0 for_auth_rule0
http_access deny from_all# http reply access rules
http_reply_access allow from_localhost
http_reply_access allow within_timeframe_rule0 for_auth_rule0
http_reply_access deny from_all# max/min object size
maximum_object_size 1024 KB
minimum_object_size 0 KBvisible_hostname afw.aesc.org.br
# begin custom.tmpl
# end custom.tmplinclude /etc/squid/squid.conf.d/*.conf
🚀 Apresentando o Hotspot Beacon! 🚀
Desbloqueie o potencial do seu Wi-Fi com o Hotspot Beacon. Personalize sua página de acesso para mostrar anúncios, promoções ou informações e engajar seus clientes, impulsionando o seu negócio.
💡 Principais Funcionalidades:
- Interface amigável e intuitiva
- Opções de personalização completas para sua marca
- Gerenciamento de propagandas e promoções
- Integração fácil com sistemas existentes via API
- Limitação de velocidade ou largura de banda por usuário
- Controle de acesso por horário
🔗 Confira o site para saber mais: https://hotspotbeacon.com -
-
- O tópico ‘proxy com openldap’ está fechado para novas respostas.