@qawed

Squid авторизация basic_ncsa_auth + Авторизация по AD?

Добрый день.
OS
CentOS Linux release 7.8.2003 (Core)
Linux 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

На CentOS 7 настроил squid.
Авторизацию настроил по kerberos AD. Работает.
Авторизацию по логину и паролю тоже настроил (файл с логин/пароль).
Интересно то что по отдельности обе авторизации работают.
При включении авторизации по AD, авторизация по логину и паролю из файла - перестает работать.
Подскажите пожалуйста, можно ли настроить обе эти авторизации вместе?

Squid.conf
[root@belsrvgate1 squid]# squid -k parse
2020/09/21 09:44:59| Startup: Initializing Authentication Schemes ...
2020/09/21 09:44:59| Startup: Initialized Authentication Scheme 'basic'
2020/09/21 09:44:59| Startup: Initialized Authentication Scheme 'digest'
2020/09/21 09:44:59| Startup: Initialized Authentication Scheme 'negotiate'
2020/09/21 09:44:59| Startup: Initialized Authentication Scheme 'ntlm'
2020/09/21 09:44:59| Startup: Initialized Authentication.
2020/09/21 09:44:59| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2020/09/21 09:44:59| Processing: acl localnet src 192.168.50.0/24 # RFC1918 possible internal network
2020/09/21 09:44:59| Processing: acl localnet src 192.168.60.0/24 # RFC1918 possible internal network
2020/09/21 09:44:59| Processing: acl localnet src 192.168.23.0/24 # RFC1918 possible internal network
2020/09/21 09:44:59| Processing: auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -d -s HTTP/belsrvgate1.ias.local@IAS.LOCAL
2020/09/21 09:44:59| Processing: auth_param negotiate children 60
2020/09/21 09:44:59| Processing: auth_param negotiate keep_alive on
2020/09/21 09:44:59| Processing: acl auth proxy_auth REQUIRED
2020/09/21 09:44:59| Processing: auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/auth_users
2020/09/21 09:44:59| Processing: auth_param basic children 60
2020/09/21 09:44:59| Processing: auth_param basic realm MTS GW
2020/09/21 09:44:59| Processing: auth_param basic credentialsttl 1 minute
2020/09/21 09:44:59| Processing: acl user_auth proxy_auth REQUIRED
2020/09/21 09:44:59| Processing: http_access allow user_auth
2020/09/21 09:44:59| Processing: acl IP_ACL src "/etc/squid/IP_ACL" # Access List allow ip addresses
2020/09/21 09:44:59| Processing: acl SSL_ports port 443
2020/09/21 09:44:59| Processing: acl Safe_ports port 80 # http
2020/09/21 09:44:59| Processing: acl Safe_ports port 21 # ftp
2020/09/21 09:44:59| Processing: acl Safe_ports port 443 # https
2020/09/21 09:44:59| Processing: acl Safe_ports port 70 # gopher
2020/09/21 09:44:59| Processing: acl Safe_ports port 210 # wais
2020/09/21 09:44:59| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2020/09/21 09:44:59| Processing: acl Safe_ports port 280 # http-mgmt
2020/09/21 09:44:59| Processing: acl Safe_ports port 488 # gss-http
2020/09/21 09:44:59| Processing: acl Safe_ports port 591 # filemaker
2020/09/21 09:44:59| Processing: acl Safe_ports port 777 # multiling http
2020/09/21 09:44:59| Processing: acl CONNECT method CONNECT
2020/09/21 09:44:59| Processing: http_access deny !Safe_ports
2020/09/21 09:44:59| Processing: http_access deny CONNECT !SSL_ports
2020/09/21 09:44:59| Processing: http_access allow localhost manager
2020/09/21 09:44:59| Processing: http_access deny manager
2020/09/21 09:44:59| Processing: http_access allow auth
2020/09/21 09:44:59| Processing: http_access allow IP_ACL
2020/09/21 09:44:59| Processing: http_access allow localhost
2020/09/21 09:44:59| Processing: http_access deny all
2020/09/21 09:44:59| Processing: http_port 3128
2020/09/21 09:44:59| Processing: error_directory /usr/share/squid/errors/ru-ru
2020/09/21 09:44:59| Processing: error_default_language ru
2020/09/21 09:44:59| Processing: cache_dir ufs /var/spool/squid 1024 32 256
2020/09/21 09:44:59| Processing: coredump_dir /var/spool/squid
2020/09/21 09:44:59| Processing: refresh_pattern ^ftp: 1440 20% 10080
2020/09/21 09:44:59| Processing: refresh_pattern ^gopher: 1440 0% 1440
2020/09/21 09:44:59| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2020/09/21 09:44:59| Processing: refresh_pattern . 0 20% 4320
2020/09/21 09:44:59| Initializing https proxy context
  • Вопрос задан
  • 184 просмотра
Пригласить эксперта
Ответы на вопрос 1
CityCat4
@CityCat4
//COPY01 EXEC PGM=IEBGENER
В гугле забанили? :) На тему аутентификации в AD и по локальным спискам статьи писались еще в начале нулевых - и с тех пор ничего не изменилось.
Ответ написан
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Похожие вопросы