effective acl for tcp_outgoing_address

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

effective acl for tcp_outgoing_address

Hideyuki Kawai

Hi, this is Kawai.

 

Now, I'm trying to set up squid4.x on centOS, but, have one issue.

Please let me send inquiry as followings.

 

### Requirement ###

The squid is required as follows.

1. Kerberos auth with Active Directory : auth_param .....       <- Success

2. "Security group" check which is gotten from AD : external_acl_type ...(using ext_kerberos_ldap_group_acl)   <- success

3. Using different outgoing IP based on "Security group" : tcp_outgoing_address + external_acl  <- fail (can not work)

 

=== sample configuration which I tested. (but, it did not work) ===

external_acl_type kerberos_ldap_group1 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl g GROUP1

external_acl_type kerberos_ldap_group2 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl g GROUP2

acl group1 external kerberos_ldap_group1

acl group2 external kerberos_ldap_group2

tcp_outgoing_address 10.1.0.1 group1

tcp_outgoing_address 10.1.0.2 group2

 

 

### Inquiry ###

Based on the web site, tcp_outgoing_address is NOT support "external_acl". Because the external_acl type is slow.

In this case, how to configure the squid.conf to satisfy my requirement?

 

Please let me inform your comment and knowledge.

Thanks in advance.

 

-------------------------------------

[hidden email]

-------------------------------------

 


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: effective acl for tcp_outgoing_address

Eliezer Croitoru-3

Hey,

 

I can try to test/check this but I am missing the basic Kerberos auth with AD setup.

I have a working setup but the transparent authentication is not working for me.

 

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: [hidden email]

Zoom: Coming soon

 

 

From: squid-users <[hidden email]> On Behalf Of Hideyuki Kawai
Sent: Friday, January 22, 2021 11:23 AM
To: [hidden email]
Subject: [squid-users] effective acl for tcp_outgoing_address

 

Hi, this is Kawai.

 

Now, I'm trying to set up squid4.x on centOS, but, have one issue.

Please let me send inquiry as followings.

 

### Requirement ###

The squid is required as follows.

1. Kerberos auth with Active Directory : auth_param .....       <- Success

2. "Security group" check which is gotten from AD : external_acl_type ...(using ext_kerberos_ldap_group_acl)   <- success

3. Using different outgoing IP based on "Security group" : tcp_outgoing_address + external_acl  <- fail (can not work)

 

=== sample configuration which I tested. (but, it did not work) ===

external_acl_type kerberos_ldap_group1 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl g GROUP1

external_acl_type kerberos_ldap_group2 ttl=3600 negative_ttl=3600 %LOGIN /path/to/ext_kerberos_ldap_group_acl g GROUP2

acl group1 external kerberos_ldap_group1

acl group2 external kerberos_ldap_group2

tcp_outgoing_address 10.1.0.1 group1

tcp_outgoing_address 10.1.0.2 group2

 

 

### Inquiry ###

Based on the web site, tcp_outgoing_address is NOT support "external_acl". Because the external_acl type is slow.

In this case, how to configure the squid.conf to satisfy my requirement?

 

Please let me inform your comment and knowledge.

Thanks in advance.

 

-------------------------------------

[hidden email]

-------------------------------------

 


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users