|
"Squid NT - как отфильтровать группу" |
Сообщение от tuskan   (ok) on 28-Май-07, 17:39 |
ставлю squid 2.6
домен на win2003
в конфиге добавлено:
auth_param ntlm program c:/squid/squid/libexec/mswin_ntlm_auth.exe --helper-protocol=squid-2.5-ntlmssp --require-membership-of="VBG_TN@InetUsers"
auth_param ntlm children 10
auth_param ntlm keep_alive on
тоесть по логике на прокси авторизуются ТОЛЬКО доменные пользователи и ТОЛЬКО из локальной группы InetUsers
Но пускает всех.
хотя записи в логах есть :
1180358810.096 31 192.168.11.199 TCP_DENIED/407 2059 GET http://polo.imageg.net/include/frontdoor.css - NONE/- text/html
1180358810.627 765 192.168.11.199 TCP_MISS/200 9141 GET http://www.polo.com/frontdoor/index.jsp vbg_tn\student DIRECT/63.240.110.250 text/html
1180358811.221 1125 192.168.11.199 TCP_MISS/200 941 GET http://polo.imageg.net/include/frontdoor.css vbg_tn\student DIRECT/84.53.139.27 text/css
1180358811.596 375 192.168.11.199 TCP_MISS/200 19237 GET http://polo.imageg.net/include/mbox.js vbg_tn\student DIRECT/84.53.139.27 application/x-javascript
1180358812.643 1047 192.168.11.199 TCP_MISS/200 364 GET http://geo.offermatica.com/geocity? vbg_tn\student DIRECT/69.20.17.27 application/x-javascript
1180358813.252 609 192.168.11.199 TCP_MISS/200 391 GET http://mbox5.offermatica.com/m2/polocom/mbox/standard? vbg_tn\student DIRECT/66.150.139.10 text/JavaScript
1180358814.815 1563 192.168.11.199 TCP_MISS/200 728 GET http://switch.atdmt.com/action/nycpol_frontgatepage_1 vbg_tn\student DIRECT/12.130.60.5 image/gif
1180358815.049 1797 192.168.11.199 TCP_MISS/200 137044 GET http://polo.imageg.net/frontdoor/FrontDoor3staticbackup.jpg? vbg_tn\student DIRECT/84.53.139.27 image/jpeg
1180358815.627 172 192.168.11.199 TCP_MISS/200 8736 GET http://polo.imageg.net/include/flashobject.js vbg_tn\student DIRECT/84.53.139.27 application/x-javascript
1180358815.830 781 192.168.11.199 TCP_MISS/200 6227 GET http://www.polo.com/frontdoor/index.jsp? vbg_tn\student DIRECT/63.240.110.250 text/html
1180358815.955 296 192.168.11.199 TCP_MISS/200 364 GET http://geo.offermatica.com/geocity? vbg_tn\student DIRECT/69.20.17.27 application/x-javascript
1180358816.190 219 192.168.11.199 TCP_MISS/200 391 GET http://mbox5.offermatica.com/m2/polocom/mbox/standard? vbg_tn\student DIRECT/66.150.139.10 text/JavaScript
1180358816.237 0 192.168.11.199 TCP_DENIED/407 1859 GET http://mbox5.offermatica.com/m2/polocom/mbox/standard? - NONE/- text/html
1180358816.268 31 192.168.11.199 TCP_DENIED/407 2089 GET http://mbox5.offermatica.com/m2/polocom/mbox/standard? - NONE/- text/html
1180358816.580 390 192.168.11.199 TCP_MISS/304 649 GET http://switch.atdmt.com/action/nycpol_frontgatepage_1 vbg_tn\student DIRECT/12.130.60.5 -
1180358816.862 594 192.168.11.199 TCP_MISS/200 383 GET http://mbox5.offermatica.com/m2/polocom/mbox/standard? vbg_tn\student DIRECT/66.150.139.10 text/JavaScript
1180358817.346 1141 192.168.11.199 TCP_MISS/200 80056 GET http://polo.imageg.net/frontdoor/FrontDoor1flash.swf vbg_tn\student DIRECT/84.53.139.27 application/x-shockwave-flash
1180358817.377 515 192.168.11.199 TCP_MISS/200 17756 GET http://polo.imageg.net/include/omniture.js vbg_tn\student DIRECT/84.53.139.34 application/x-javascript
1180358817.627 140 192.168.11.199 TCP_MISS/200 698 GET http://polo.imageg.net/include/minicartOmni.js vbg_tn\student DIRECT/84.53.139.34 application/x-javascript
1180358818.440 1063 192.168.11.199 TCP_MISS/302 1203 GET http://datag.polo.com/b/ss/polocom/1/G.9-Pd-R/s21366986747075? vbg_tn\student DIRECT/128.242.125.9 text/plain
1180358818.971 531 192.168.11.199 TCP_MISS/200 638 GET http://datag.polo.com/b/ss/polocom/1/G.9-Pd-R/s21366986747075? vbg_tn\student DIRECT/128.242.125.13 image/gif
Где student - пользователь не из группы InetUsers но он проходит..
что сделано не верно?
|
| Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору |
Вариант для распечатки
Настройка Squid и других прокси серверов (Public)
