First, in my configuration I like to remove the default comments. It makes things easier to read. I keep a backup file with full comments.
Second, there seem to be a number of things wrong with your configuration file.
1. You don't need AuthorizedUsers, you have ncsa_users and that is sufficient. AuthorizedUsers is a string that I use myself, but you don't have to use it.
2. You have http_access deny all in there twice. That shouldn't be.
http_access deny all (remove this)
http_access allow ncsa_users !users !servers !porn !HR !operation
http_access allow AuthorizedUsers (remove this)
3. http_reply_access allow all should follow http_access deny all, not come before it. It might not matter, but that is how I use it.
The ACLs you've defined seem convoluted to me. Perhaps you should run a second squid proxy instance on a different port, and then test that by removing (commenting out) most of those ACL definitions. You should start out with something simple until you figure out what is causing your problem, then go back and add the various ACL settings. Your layout just seems really odd. You should make sure your denies are coming before your allows. You have a number of allows preceding, and these could be trumping what you have lower. Remember, it is first match. For example,
Code:
acl users src "/etc/squid/usersComputers"
acl usersBlockedsites url_regex -i "/etc/squid/usersSites"
http_access allow users !usersBlockedsites
What is "usersComputers"? If that includes desktops, then what you have here is going to allow people out unless the target site falls under "usersBlockedsites". This will occur no matter your authentication following. Perhaps you should remove these 3 lines completely, if you are requiring authentication from any "usersComputers".
Further, you might consider using either dansguardian, squidguard, or ufdbguard instead of text files for your filtering. Dansguardian may not play well with authentication because of where it is situated with squid. I personally use ufdbguard and it works well. With an effective filtering solution in place, you may not even need authentication.
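An added example, not part of the original post: a small first-match audit of http_access ordering that flags allow rules reachable without authentication and rules placed after a catch-all. The sample configuration is constructed from the rules quoted in the post; the proxy_auth definition of ncsa_users and the rule order are assumptions.

```python
# Constructed sample modelled on the rules quoted in the post; the proxy_auth
# definition and the rule order are assumptions, not the poster's actual file.
SAMPLE = """\
acl ncsa_users proxy_auth REQUIRED
acl users src "/etc/squid/usersComputers"
acl usersBlockedsites url_regex -i "/etc/squid/usersSites"
http_access allow users !usersBlockedsites
http_access deny all
http_access allow ncsa_users
http_access deny all
"""
# Constructed corrected ordering: authenticate, then deny everything else.
FIXED = """\
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_access deny all
"""
AUTH_TYPES = {"proxy_auth", "proxy_auth_regex"}

def audit_http_access(conf):
    """Return (line_no, finding) pairs for first-match ordering problems."""
    acl_type, findings = {}, []
    terminal = None       # line of the first rule that matches every request
    auth_forced = False   # set once a "deny !<auth acl>" rule has been seen

    def is_auth(name):
        return acl_type.get(name.lstrip("!")) in AUTH_TYPES

    for no, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split()
        if len(tok) < 3 or tok[0].startswith("#"):
            continue
        if tok[0] == "acl":
            acl_type.setdefault(tok[1], tok[2])
        elif tok[0] == "http_access":
            action, acls = tok[1], tok[2:]
            if terminal is not None:
                findings.append((no, f"unreachable after catch-all on line {terminal}"))
            elif acls == ["all"]:
                terminal = no
            elif action == "deny" and len(acls) == 1 and acls[0][0] == "!" and is_auth(acls[0]):
                auth_forced = True
            elif (action == "allow" and not auth_forced
                  and not any(is_auth(a) and a[0] != "!" for a in acls)):
                findings.append((no, "allows requests without authentication"))
    return findings

if __name__ == "__main__":
    for line_no, finding in audit_http_access(SAMPLE):
        print(f"line {line_no}: {finding}")
```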