
Untitled

a guest
Jul 27th, 2017
  1. > root@proxy:/etc/squid3# /usr/lib/squid3/basic_ldap_auth -R -b "dc=test,dc=local" -D squid@test.local -w Slaptazodis123 -f sAMAccountName=%s -h forest.test.local
  2. > tst001ak1 Slaptazodis1234 OK
  3. > tst001ak1 Slaptazodis123 ERR Success
  4. > tst001ak2 Slaptazodis1234 OK
  5. > tst001ak2 Slaptazodis123 ERR Success
  6.  
  7. > root@proxy:/etc/squid3# /usr/lib/squid3/ext_ldap_group_acl -R -b "dc=test,dc=local" -D squidy@test.local -w Slaptazodis123 -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=SecurityGroups,ou=Kaunas,ou=Sites,dc=test,dc=local))" -h forest.test.local
  8. > tst001ak1 SG_Blacklist OK
  9. > tst001ak1 SG_Whitelist ERR
  10. > tst001ak2 SG_Blacklist OK
  11. > tst001ak2 SG_Whitelist ERR
  12.  
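  # ---------------------------------------------------------------------
  # Authentication helpers (one directive per line; the pasted listing had
  # several directives fused onto a single line, which squid would hand to
  # the helper as extra command-line arguments).
  # ---------------------------------------------------------------------

  # Negotiate/Kerberos. Users authenticated this way are logged with their
  # realm attached (user@TEST.LOCAL in the access.log excerpt on this page).
  # -d enables helper debug output; the cache.log excerpt on this page shows
  # it writing PAC group data and the full negotiate token for each login.
  # Drop -d once troubleshooting is finished.
  auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -d -s GSS_C_NO_NAME
  auth_param negotiate children 10
  auth_param negotiate keep_alive off

  # Basic auth against the directory (fallback for clients without Kerberos).
  # NOTE(review): -w places the bind password in squid.conf and on the helper
  # command line, where any local user can read it from the process list.
  # Both LDAP helpers accept -W <file>; keep the secret in a file readable
  # only by the squid user, e.g. -W /path/to/ldap-bind-secret (placeholder
  # path). The value below has been published with this listing and should
  # be rotated.
  # NOTE(review): -h with neither -Z (StartTLS) nor an ldaps:// URI via -H
  # means the bind password and every user password checked by this helper
  # cross the network to the directory server unencrypted - confirm whether
  # the transport is protected some other way.
  auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b "dc=test,dc=local" -D squidy@test.local -w Slaptazodis123 -f sAMAccountName=%s -h forest.test.local
  auth_param basic children 5
  auth_param basic realm Welcome to Proxy
  auth_param basic credentialsttl 2 hours

  # Group membership lookup used by the 'external memberof' ACLs.
  # -K strips the Kerberos realm from the login before it is substituted
  # for %v. Without it a Negotiate user arrives as user@TEST.LOCAL, which
  # cannot match sAMAccountName, so every group test fails and the request
  # falls through to 'http_access deny all' - this is the likely cause of
  # the TCP_DENIED/403 lines logged for tst001ak2@TEST.LOCAL while the
  # realm-less tst001ak1 is served.
  # The -w / cleartext-LDAP notes above apply to this helper as well.
  external_acl_type memberof %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R -K -b "dc=test,dc=local" -D squidy@test.local -w Slaptazodis123 -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=SecurityGroups,ou=Kaunas,ou=Sites,dc=test,dc=local))" -h forest.test.local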
  19.  
  # ---------------------------------------------------------------------
  # ACL definitions
  # ---------------------------------------------------------------------

  # Matches any request that carries valid proxy credentials.
  acl auth proxy_auth REQUIRED

  # Directory group membership, resolved through the 'memberof' external
  # helper. 'Full' takes its group names from a file.
  acl Whitelist external memberof SG_Whitelist
  acl Blacklist external memberof SG_Blacklist
  acl Full external memberof "/etc/squid3/full.txt"

  # Destination-domain lists kept in separate files.
  acl priority dstdomain "/etc/squid3/priority.txt"
  acl wsites dstdomain "/etc/squid3/wsites.txt"
  acl bsites dstdomain "/etc/squid3/bsites.txt"

  # Port classes.
  acl SSL_ports port 443
  # http, ftp, https, gopher, wais
  acl Safe_ports port 80 21 443 70 210
  # http-mgmt, gss-http, filemaker, multiling http
  acl Safe_ports port 280 488 591 777
  # unregistered ports
  acl Safe_ports port 1025-65535

  # The CONNECT (tunnel) request method.
  acl CONNECT method CONNECT
  41.  
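  # ---------------------------------------------------------------------
  # Access rules - evaluated top to bottom, first match wins.
  # ---------------------------------------------------------------------

  # Refuse requests to ports outside the Safe_ports list.
  http_access deny !Safe_ports

  # Refuse CONNECT tunnels to anything but the TLS port. The CONNECT and
  # SSL_ports ACLs are defined in this file but were never referenced, so
  # an allowed user could open a raw tunnel to any Safe_ports entry
  # (including the whole 1025-65535 range).
  http_access deny CONNECT !SSL_ports

  # Sites allowed for everyone.
  # NOTE(review): on the pasted page this directive was fused onto the
  # comment line and therefore inactive; it is restored here on the
  # assumption that this was a paste artefact, as with the auth_param
  # lines - confirm against the live squid.conf. It is evaluated before
  # the authentication check, so keep priority.txt narrow.
  http_access allow priority

  # Everything below requires valid proxy credentials.
  http_access deny !auth

  # Per-group policy.
  # NOTE(review): Whitelist and Blacklist currently receive the same rule
  # (everything except bsites), and Full is allowed everything except
  # wsites - confirm this is the intended policy for each group.
  http_access allow Full !wsites
  http_access allow Whitelist !bsites
  http_access allow Blacklist !bsites

  # Default deny.
  http_access deny all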
  51.  
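  # ---------------------------------------------------------------------
  # Listener, logging and cache behaviour
  # ---------------------------------------------------------------------

  # Plain-HTTP proxy listener.
  # NOTE(review): Basic proxy credentials sent to this port are only
  # base64-encoded, not encrypted; prefer Negotiate for domain clients and
  # limit who can reach the port.
  http_port 3128

  # Native squid log format; the authenticated user name is recorded per
  # request (see the access.log excerpts on this page).
  access_log /var/log/squid3/access.log squid

  refresh_pattern ^ftp: 1440 20% 10080
  refresh_pattern ^gopher: 1440 0% 1440
  # Never cache dynamic content. The '?' must be escaped: the pasted line
  # had a bare '?' after '|', which is not a valid regular expression.
  refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  refresh_pattern . 0 20% 4320

  # Leave coredumps in the first cache dir
  coredump_dir /var/spool/squid3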
  60.  
  61. 1501157073.419 0 10.103.22.4 TCP_DENIED/403 3686 GET http://api.bing.com/qsml.aspx? tst001ak2@TEST.LOCAL HIER_NONE/- text/html
  62. 1501157073.511 0 10.103.22.4 TCP_DENIED/403 3687 GET http://api.bing.com/qsml.aspx? tst001ak2@TEST.LOCAL HIER_NONE/- text/html
  63. 1501157073.627 0 10.103.22.4 TCP_DENIED/403 3688 GET http://api.bing.com/qsml.aspx? tst001ak2@TEST.LOCAL HIER_NONE/- text/html
  64. 1501157073.704 0 10.103.22.4 TCP_DENIED/403 3689 GET http://api.bing.com/qsml.aspx? tst001ak2@TEST.LOCAL HIER_NONE/- text/html
  65. 1501157073.744 0 10.103.22.4 TCP_DENIED/403 3690 GET http://api.bing.com/qsml.aspx? tst001ak2@TEST.LOCAL HIER_NONE/- text/html
  66. 1501157073.798 0 10.103.22.4 TCP_DENIED/403 3691 GET http://api.bing.com/qsml.aspx? tst001ak2@TEST.LOCAL HIER_NONE/- text/html
  67. 1501157073.970 0 10.103.22.4 TCP_DENIED/403 3586 GET http://google.com/ tst001ak2@TEST.LOCAL HIER_NONE/- text/html
  68. 1501157073.980 0 10.103.22.4 TCP_DENIED/403 3727 GET http://www.squid-cache.org/Artwork/SN.png tst001ak2@TEST.LOCAL HIER_NONE/- text/html
  69.  
  70. negotiate_kerberos_pac.cc(368): pid=2778 :2017/07/27 15:11:58| negotiate_kerberos_auth: INFO: Got PAC data of lengh 480
  71. negotiate_kerberos_pac.cc(186): pid=2778 :2017/07/27 15:11:58| negotiate_kerberos_auth: INFO: Found 2 rids
  72. negotiate_kerberos_pac.cc(193): pid=2778 :2017/07/27 15:11:58| negotiate_kerberos_auth: Info: Got rid: 1107
  73. negotiate_kerberos_pac.cc(193): pid=2778 :2017/07/27 15:11:58| negotiate_kerberos_auth: Info: Got rid: 513
  74. negotiate_kerberos_pac.cc(255): pid=2778 :2017/07/27 15:11:58| negotiate_kerberos_auth: INFO: Got DomainLogonId S-1-5-21-1970744413-2672878646-2165510742
  75. negotiate_kerberos_pac.cc(277): pid=2778 :2017/07/27 15:11:58| negotiate_kerberos_auth: INFO: Found 1 ExtraSIDs
  76. negotiate_kerberos_pac.cc(325): pid=2778 :2017/07/27 15:11:58| negotiate_kerberos_auth: INFO: Got ExtraSid S-1-18-1
  77. negotiate_kerberos_pac.cc(448): pid=2778 :2017/07/27 15:11:58| negotiate_kerberos_auth: INFO: Read 476 of 480 bytes
  78. negotiate_kerberos_auth.cc(426): pid=2778 :2017/07/27 15:11:58| negotiate_kerberos_auth: DEBUG: Groups group=AQUAAAAAAAUVAAAAXSx3dTbkUJ9WEhOBUwQAAA== group=AQUAAAAAAAUVAAAAXSx3dTbkUJ9WEhOBAQIAAA== group=AQEAAAAAABIBAAAA
  79. negotiate_kerberos_auth.cc(431): pid=2778 :2017/07/27 15:11:58| negotiate_kerberos_auth: DEBUG: AF oYG2MIGzoAMKAQChCwYJKoZIhvcSAQICooGeBIGbYIGYBgkqhkiG9xIBAgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARuZJS/UnCaLjDtwNQK/BgUGe+MRw5up5QJMBWn/v0sooQPNvAjkIXYVxuoNM8oTC2kGrD7unOqm2M8TGlbMY2wbFjwhyiSb4KN6NHot27OFWULpTSbBWF/CzBNsf+GfSLddcEkZ8yHnvXae+f72yI= tst001ak2@TEST.LOCAL
  80.  
  81. 1501157268.904 75 10.103.22.4 TCP_MISS/302 619 GET http://google.com/ tst001ak1 HIER_DIRECT/216.58.201.174 text/html
  82. 1501157313.305 149 10.103.22.4 TCP_MISS/200 788 GET http://api.bing.com/qsml.aspx? tst001ak1 HIER_DIRECT/13.107.5.80 text/html
  83. 1501157313.492 0 10.103.22.4 TCP_DENIED/403 3687 GET http://facebook.com/ tst001ak1 HIER_NONE/- text/html
  84. 1501157316.489 103 10.103.22.4 TCP_MISS_ABORTED/000 0 GET http://api.bing.com/qsml.aspx? tst001ak1 HIER_DIRECT/13.107.5.80 -
  85. 1501157316.510 0 10.103.22.4 TCP_DENIED/403 3794 GET http://youtube.com/ tst001ak1 HIER_NONE/- text/html
  86.  
  87. negotiate_kerberos_pac.cc(368): pid=2778 :2017/07/27 15:09:54| negotiate_kerberos_auth: INFO: Got PAC data of lengh 520
  88. negotiate_kerberos_pac.cc(186): pid=2778 :2017/07/27 15:09:54| negotiate_kerberos_auth: INFO: Found 2 rids
  89. negotiate_kerberos_pac.cc(193): pid=2778 :2017/07/27 15:09:54| negotiate_kerberos_auth: Info: Got rid: 1107
  90. negotiate_kerberos_pac.cc(193): pid=2778 :2017/07/27 15:09:54| negotiate_kerberos_auth: Info: Got rid: 512
  91. negotiate_kerberos_pac.cc(255): pid=2778 :2017/07/27 15:09:54| negotiate_kerberos_auth: INFO: Got DomainLogonId S-1-5-21-1970744413-2672878646-2165510742
  92. negotiate_kerberos_pac.cc(277): pid=2778 :2017/07/27 15:09:54| negotiate_kerberos_auth: INFO: Found 1 ExtraSIDs
  93. negotiate_kerberos_pac.cc(325): pid=2778 :2017/07/27 15:09:54| negotiate_kerberos_auth: INFO: Got ExtraSid S-1-18-1
  94. negotiate_kerberos_pac.cc(448): pid=2778 :2017/07/27 15:09:54| negotiate_kerberos_auth: INFO: Read 480 of 520 bytes
  95. negotiate_kerberos_auth.cc(426): pid=2778 :2017/07/27 15:09:54| negotiate_kerberos_auth: DEBUG: Groups group=AQUAAAAAAAUVAAAAXSx3dTbkUJ9WEhOBUwQAAA== group=AQUAAAAAAAUVAAAAXSx3dTbkUJ9WEhOBAAIAAA== group=AQEAAAAAABIBAAAA
  96. negotiate_kerberos_auth.cc(431): pid=2778 :2017/07/27 15:10:55| negotiate_kerberos_auth: DEBUG: AF oYG2MIGzoAMKAQChCwYJKoZIhvcSAQICooGeBIGbYIGYBgkqhkiG9xIBAgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARumhMB/ZuwMeLgbxtxm6xJKbQqiYgw87IPDyOG8vE4SaSEA012z99K06RmWeiHBsF1zbJhZYEZZg6QQspaKvjc05B6+DbVJ0XhkttPf1dhulZPQ/WmTeEg/uZ0saiqB0P3ecriPZZfr27/GwNgmMI= tst001ak1@TEST.LOCAL