Hi ppl!
I'm getting an annoying problem with Squid 5.5 (work ok on old Squid 2.6)
My "delay_class" simple DON'T with if I use a acl external (helper - LDAP
or winbind [ext_wbinfo_group_acl], same problem), delay_class work ok using
a acl proxy_auth or acl src.... but nothing with a external.
I need to use external bcoz I use groups to specify Internet speed/policy
per user.
All I get on cache.log it's this WARNING (Googled this one but don't find
nothing helpful):
================================================================
2024/09/10 14:30:28 kid1| WARNING: Group_Internet ACL is used in context
without an ALE state. Assuming mismatch.
current master transaction: master62
================================================================
Anyone can give me a hand on this one??
Thanks a lot!!!
Carlos
Bellow there my sample squid.conf:
================================================================
acl SSL_ports port 443 6443 8443 8080 8008
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
http_port 8080
cache_dir ufs /var/spool/squid 8192 32 128
coredump_dir /var/spool/squid
auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -k
/etc/squid/HTTP.keytab -s HTTP/ser...@realm.lan
auth_param negotiate children 20 startup=2 idle=2
external_acl_type AD ttl=360 children-startup=2 children-max=20
children-idle=2 %LOGIN /usr/lib64/squid/ext_ldap_group_acl -Z -K -R -d -h
192.168.0.10 -b "dc=realm,dc=lan" -D "cn=squid,cn=Users,dc=realm,dc=lan" -w
password1234 -f "(&(cn=%u)(memberof=cn=%g,cn=Users,dc=realm,dc=lan))"
acl kerb-auth proxy_auth REQUIRED
acl Group_Internet external AD Internet_Access
acl User proxy_auth car...@realm.lan
acl src_carlos_ip src 192.168.0.100
http_access allow Group_Internet # work!
http_access deny all
delay_pools 2
delay_class 1 2
delay_class 2 2
delay_parameters 1 4096000/4096000 2048000/2048000
delay_parameters 2 2048000/2048000 512000/512000
delay_access 1 allow Group_Internet # won't work (Squid ignore it and pass
to next delay_access)
#delay_access 1 allow User # work!
#delay_access 1 allow src_carlos_ip # work!
delay_access 1 deny all
delay_access 2 allow all
###############################################################
#
delay_access 1 allow Group_Internet # won't work (Squid ignore it and pass
to next delay_access)
#delay_access 1 allow User # work!
#delay_access 1 allow src_carlos_ip # work!
delay_access 1 deny all
#
delay_access 2 allow all
================================================================
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
