Authenticating Squid 3.5 with Active Directory (samba 4) on Ubuntu 16.04? [closed]
I need to authenticate Squid 3.5 against an Active Directory built on Samba 4.
P.S.: This Ubuntu machine is already joined to the Active Directory built on Samba 4.
I do not know if the problem is in the auth line: auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -b dc=X1,dc=X2,dc=X3,dc=X4 -D CN=auth,CN=Users,DC=X1,DC=X2,DC=X3,dc=X4 -w PASSWORD -f sAMAccountName=%s -h X1.X2.X3.X4
#------------------------------------------- GENERAL CONFIGURATION ----------------------------------------------
#
cache_mem 64 MB
#
# CACHE STATEMENT FOR SQUID
cache_dir ufs /var/spool/squid 20480 16 256
#
client_netmask 255.255.255.255
dead_peer_timeout 10 seconds
#
#---------------------------------------------- AUTH CONFIGURATION ----------------------------------------------
#
auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -b dc=X1,dc=X2,dc=X3,dc=X4 -D CN=auth,CN=Users,DC=X1,DC=X2,DC=X3,dc=X4 -w PASSWORD -f sAMAccountName=%s -h X1.X2.X3.X4
#
#
# PATH FOR THE LOGS
cache_access_log /var/log/squid/access.log
cache_log none
cache_store_log none
useragent_log none
#cache_log /var/log/squid/cache.log
#cache_store_log /var/log/squid/store.log
#useragent_log /var/log/squid/useragent.log
#
auth_param basic children 5
error_directory /usr/share/squid/errors/Spanish
authenticate_ttl 1 hour
#
# TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?
#
# TAG: nonhierarchical_direct
nonhierarchical_direct off
cache_swap_low 95
cache_swap_high 98
maximum_object_size 524288 KB
maximum_object_size_in_memory 1024 KB
offline_mode off
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
#
# reply_header_max_size 20 KB
# TAG: request_header_max_size (KB)
# This specifies the maximum size for HTTP headers in a request.
# Request headers are usually relatively small (about 512 bytes).
# Placing a limit on the request header size will catch certain
# bugs (for example with persistent connections) and possibly
# buffer-overflow or denial-of-service attacks.
#Default:
request_header_max_size 64 KB
# TAG: client_request_buffer_max_size (bytes)
# This specifies the maximum buffer size of a client request.
# It prevents squid eating too much memory when somebody uploads
# a large file.
#Default:
client_request_buffer_max_size 512 KB
# TAG: request_body_max_size (KB)
request_body_max_size 0 KB
#
debug_options ALL,2
shutdown_lifetime 15 seconds
httpd_suppress_version_string on
#
# TAG: refresh_pattern
#------------------------------------------------- CACHE REFRESH -------------------------------------------------
#
refresh_pattern -i ^ftp: 600000 100% 700000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth
refresh_pattern -i ^http: 600000 100% 700000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth
refresh_pattern -i ^gopher: 600000 100% 700000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth
refresh_pattern -i . 600000 100% 700000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth
#
refresh_pattern -i kaspersky 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i grisoft 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i avg 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i eset 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i nod_eval 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i symantec 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i avast 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i clamav 960 200% 2160 reload-into-ims override-expire override-lastmod
#
refresh_pattern -i (/cgi-bin/|\?) 0 0 0
#
# IMAGES
refresh_pattern -i .gif$ 14400 80% 43200
refresh_pattern -i .tiff?$ 14400 80% 43200
refresh_pattern -i .bmp$ 14400 80% 43200
refresh_pattern -i .jp?g$ 14400 80% 43200
refresh_pattern -i .xbm$ 14400 80% 43200
refresh_pattern -i .png$ 14400 80% 43200
refresh_pattern -i .wrl$ 14400 80% 43200
refresh_pattern -i .ico$ 14400 80% 43200
refresh_pattern -i .pnm$ 14400 80% 43200
refresh_pattern -i .pbm$ 14400 80% 43200
refresh_pattern -i .pgm$ 14400 80% 43200
refresh_pattern -i .ppm$ 14400 80% 43200
refresh_pattern -i .rgb$ 14400 80% 43200
refresh_pattern -i .ppm$ 14400 80% 43200
refresh_pattern -i .rgb$ 14400 80% 43200
refresh_pattern -i .xpm$ 14400 80% 43200
refresh_pattern -i .xwd$ 14400 80% 43200
refresh_pattern -i .pict?$ 14400 80% 43200
#
# MOVIES
refresh_pattern -i .mov$ 14400 80% 43200
refresh_pattern -i .mp?g?$ 14400 80% 43200
refresh_pattern -i .avi$ 14400 80% 43200
refresh_pattern -i .qtm?$ 14400 80% 43200
refresh_pattern -i .viv$ 14400 80% 43200
refresh_pattern -i .swf$ 14400 80% 43200
refresh_pattern -i .flv$ 14400 80% 43200
refresh_pattern -i .mp4$ 14400 80% 43200
refresh_pattern -i .mkv$ 14400 80% 43200
refresh_pattern -i .wmv$ 14400 80% 43200
#
# SOUNDS
refresh_pattern -i .wav$ 14400 80% 43200
refresh_pattern -i .aiff?$ 14400 80% 43200
refresh_pattern -i .au$ 14400 80% 43200
refresh_pattern -i .ram?$ 14400 80% 43200
refresh_pattern -i .snd$ 14400 80% 43200
refresh_pattern -i .mid$ 14400 80% 43200
refresh_pattern -i .mp2$ 14400 80% 43200
refresh_pattern -i .mp3$ 14400 80% 43200
refresh_pattern -i .ogg$ 14400 80% 43200
#
# ARCHIVES
refresh_pattern -i .sit$ 14400 80% 43200
refresh_pattern -i .zip$ 14400 80% 43200
refresh_pattern -i .7zip$ 14400 80% 43200
refresh_pattern -i .hqx$ 14400 80% 43200
refresh_pattern -i .exe$ 14400 80% 43200
refresh_pattern -i .arj$ 14400 80% 43200
refresh_pattern -i .lzh$ 14400 80% 43200
refresh_pattern -i .lha$ 14400 80% 43200
refresh_pattern -i .cab$ 14400 80% 43200
refresh_pattern -i .rar$ 14400 80% 43200
refresh_pattern -i .tar$ 14400 80% 43200
refresh_pattern -i .gz$ 14400 80% 43200
refresh_pattern -i .z$ 14400 80% 43200
refresh_pattern -i .a[0-9][0-9]$ 14400 80% 43200
refresh_pattern -i .r[0-9][0-9]$ 14400 80% 43200
#
# DATA FILES
refresh_pattern -i .txt$ 14400 80% 43200
refresh_pattern -i .pdf$ 14400 80% 43200
refresh_pattern -i .doc$ 14400 80% 43200
refresh_pattern -i .rtf$ 14400 80% 43200
refresh_pattern -i .tex$ 14400 80% 43200
refresh_pattern -i .latex$ 14400 80% 43200
#
# JAVA-TYPE OBJECTS
refresh_pattern -i .class$ 14400 80% 43200
refresh_pattern -i .js$ 14400 80% 43200
refresh_pattern -i .class$ 14400 80% 43200
#
# WEB-TYPE OBJECTS
refresh_pattern -i .css$ 10 20% 4320
refresh_pattern -i .html?$ 10 20% 4320
refresh_pattern /$ 10 20% 4320
#
# TO AVOID PROBLEMS WITH .DO SCRIPTS
refresh_pattern -i .do$ 0 0% 1440
#
# TAG: quick_abort (KB)
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
# TAG: reload_into_ims on|off
reload_into_ims on
#
# TAG: collapsed_forwarding (on|off)
collapsed_forwarding on
#
# TAG: refresh_stale_hit (time)
refresh_stale_hit 10 seconds
#
# TAG: half_closed_clients
half_closed_clients off
#
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
append_domain .X1.X2.X3.X4
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
#
# ACCESS CONTROL
#-----------------------------------------------------------------------------
#Defaults
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl purge method PURGE
acl sqstat src 172.16.5.0/255.255.255.255
acl working time MTWHF 08:00-17:00
acl not_working time MTWHF 17:01-23:59
acl early_morning time MTWHF 00:00-07:59
acl weekend time AS 00:00-23:59
acl downloads_restricted urlpath_regex "/etc/squid/rules/ext_restrict_list"
acl downloads urlpath_regex "/etc/squid/rules/ext_allow_list"
acl media_sites url_regex -i "/etc/squid/rules/media_sites_list"
acl threads maxconn 5
acl community snmp_community public
acl password proxy_auth REQUIRED
acl connect method CONNECT
acl X4_inside dstdomain .X4
acl sites-ok dstdomain "/etc/squid/rules/allow/sites_allow_list"
acl no_ip1 urlpath_regex .[0-9]3$.[a-zA-Z][0-9]2,$
acl no_ip2 dstdom_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+$
acl msn_messenger req_mime_type -i ^application/x-msn-messenger$
#
acl ext_audio_video urlpath_regex "/etc/squid/rules/restricted/ext_audio_video_list"
acl no_chat1 dstdomain "/etc/squid/rules/restricted/chat/chat_domains_list"
acl no_chat2 url_regex "/etc/squid/rules/restricted/chat/chat_urls_list"
acl no_filehosting1 dstdomain "/etc/squid/rules/restricted/filehosting/fhost_domains_list"
acl no_filehosting2 url_regex "/etc/squid/rules/restricted/filehosting/fhost_urls_list"
acl no_filesharing1 dstdomain "/etc/squid/rules/restricted/filesharing/fshare_domains_list"
acl no_filesharing2 url_regex "/etc/squid/rules/restricted/filesharing/fshare_urls_list"
acl no_instantmessaging1 dstdomain "/etc/squid/rules/restricted/instantmessaging/im_domains_list"
acl no_instantmessaging2 url_regex "/etc/squid/rules/restricted/instantmessaging/im_urls_list"
acl no_proxy1 dstdomain "/etc/squid/rules/restricted/proxy/proxy_domains_list"
acl no_proxy2 url_regex "/etc/squid/rules/restricted/proxy/proxy_urls_list"
acl no_social_networks dstdomain "/etc/squid/rules/restricted/social_networks/snet_domains_list"
acl forbidden_words url_regex "/etc/squid/rules/restricted/forbidden_words_list"
acl it_words url_regex "/etc/squid/rules/restricted/it_words_list"
acl X1_words url_regex "/etc/squid/rules/restricted/X1_words_list"
acl word_restricted_plus url_regex "/etc/squid/rules/restricted/word_restricted_plus"
acl browsers_apps browser "/etc/squid/rules/browsers_apps_list"
#
# STATEMENTS TO IP ADDRESS ALLOW
#-----------------------------------------------------------------------------
acl ip_addrs_dmz_servers src "/etc/squid/rules/ip_addrs/ip_adrs_dmz_list"
acl ip_addrs_admins src "/etc/squid/rules/ip_addrs/ip_adrs_admins_list"
acl ip_addrs_lan_internet src "/etc/squid/rules/ip_addrs/ip_addrs_lan_3w_list"
acl ip_addrs_lan_X4_inside src "/etc/squid/rules/ip_addrs/ip_addrs_lan_X4_inside_list"
acl lan_subnet src 192.168.222.0/24
#
acl users_admins proxy_auth "/etc/squid/rules/user/users_admins_list"
acl users_X1_internet proxy_auth "/etc/squid/rules/user/users_X1_internet_list"
acl users_X1_X4_inside proxy_auth "/etc/squid/rules/user/users_X1_X4_inside_list"
#
acl SSL_ports port 443 # https
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 21 # ftp
#acl Safe_ports port 1935 # openmeetings
#acl Safe_ports port 5080 # openmeetings
#acl Safe_ports port 8088 # openmeetings
#acl Safe_ports port 70 # gopher
#acl Safe_ports port 210 # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280 # http-mgmt
#acl Safe_ports port 6667 # irc
#acl Safe_ports port 488 # gss-http
#acl Safe_ports port 591 # filemaker
#acl Safe_ports port 777 # multiling http
#acl Safe_ports port 631 # cups
#acl Safe_ports port 873 # rsync
#acl Safe_ports port 901 # SWAT
#
# END OF ACL
#-------------------------------------------------------------------------------
# DEFAULT CONFIGURATION
#---- Mrtg -----
snmp_port 3401
snmp_access allow community localhost
snmp_access deny all
#
http_access allow manager localhost
http_access allow manager ip_addrs_admins
http_access allow manager sqstat
http_access allow ip_addrs_dmz_servers
http_access allow ip_addrs_admins users_admins
http_access deny manager
http_access deny purge !localhost
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
#http_access deny connect no_ip1 all
#http_access deny connect no_ip2 all
#http_access deny msn_messenger
#
#-------------------------------------------------------------------------------
# HERE I DEFINE THE ACL POLICY
#-------------------------------------------------------------------------------
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow localhost
#http_access deny !browsers_apps
#
#########################################################################
# HERE WE GIVE ACCESS TO MACHINES THAT CAN ONLY BROWSE INSIDE THE .X4 DOMAIN
#########################################################################
http_access allow ip_addrs_lan_X4_inside users_X1_X4_inside X4_inside sites-ok !no_ip1 !no_ip2 !X1_words !ext_audio_video
###############################################
# HERE WE GIVE INTERNET ACCESS TO MACHINES
###############################################
http_access allow ip_addrs_lan_internet users_X1_internet !no_ip1 !no_ip2 !no_proxy1 !no_proxy2 !ext_audio_video !no_chat1 !no_chat2 !no_filehosting1 !no_filehosting2 !no_filesharing1 !no_instantmessaging1 !no_instantmessaging2 !no_social_networks
http_access deny all
#
# TAG: http_reply_access
http_reply_access allow all
#
icp_access allow all
#------------------------------------------------------------------------------
# END OF POLICY
#------------------------------------------------------------------------------
# MISCELLANEOUS
#--------------------------------------------------------------------------------------------
auth_param basic realm ¡HOLA! COMO PROXY DEL ENTORNO X1.X2.X3.X4 | SUGIERO: ¡CUIDADO!
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
#
cache_mgr admins@X2.X3.X4
visible_hostname proxy.X2.X3.X4
# HERE WE WRITE LOGS SIMILAR TO THE APACHE LOGS
emulate_httpd_log on
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%Referer>h" "%User-Agent>h" %Ss:%Sh
logfile_rotate 10
# ACCELERATION
#httpd_accel_host virtual
#httpd_accel_port 0
#httpd_accel_with_proxy on
# PASSWORDS
cachemgr_passwd UnixMan all
cache_effective_user proxy
cache_effective_group proxy
#
# TAG: coredump_dir
coredump_dir /var/spool/squid
#
http_port 172.16.5.4:3128
always_direct allow all
#
#
# PASSIVE FTP
ftp_user admins@X2.X3.X4
ftp_list_width 32
ftp_sanitycheck on
ftp_passive on
# TAG: dns_nameservers
dns_nameservers 172.16.5.11 172.16.5.12
#------------------------------ DELAY POOLS ------------------------------#
################################################
## BANDWIDTH TABLE VALUES ##
#-----------------------------------------------
# TRANSFER RATE DELAY_POOLS VALUE
#-----------------------------------------------
# 32 Kbps 4096
# 64 Kbps 8192
# 100 Kbps 12800
# 128 Kbps 16384 > [ 1Mbps ]
# 150 Kbps 19200
# 256 Kbps 32768 > [ 2Mbps ]
# 300 Kbps 38400
# 350 Kbps 44800
# 384 Kbps 49152 > [ 3Mbps ]
# 400 Kbps 51200
# 512 Kbps 65536 > [ 4Mbps ]
# 550 Kbps 70400
# 600 Kbps 76800
# 650 Kbps 83200
# 700 Kbps 89600
# 750 Kbps 96000
# 768 Kbps 98304 > [ 6Mbps ]
# 800 Kbps 102400
# 850 Kbps 108800
# 900 Kbps 115200
# 950 Kbps 121600
# 1024 Kbps 131072
# 1050 Kbps 134400
#
delay_class 1 1
delay_parameters 1 49152/49152 # IP ADDRESS LAN - [ 384 Kbps = 3Mbps ]
delay_access 1 allow lan_subnet
delay_access 1 deny all
linux ubuntu squid samba4
closed as unclear what you're asking by Rui F Ribeiro, msp9011, Thomas, Stephen Harris, Fabby Dec 28 '18 at 21:14
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
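The auth line the question asks about can be inspected offline, before Squid or the directory is involved. The following is an added example (not part of the original post and not Squid's own tooling): it reads the `auth_param basic program` directive from a squid.conf, reports three properties of the `basic_ldap_auth` command line, and prints a rewritten directive. The function names, finding codes and the secret-file path `/etc/squid/ldap_bind.secret` are assumptions.

```shell
#!/bin/sh
# Added example: lint the basic_ldap_auth line of a squid.conf and print a
# hardened rewrite. Function names, finding codes and paths are assumptions.

# basic_ldap_auth options that consume the next word as their value.
# (-w is handled separately so its value is dropped from the rewrite.)
TAKES_VALUE='-b -f -u -s -D -W -h -p -H -a -v -c -t'

# Print the words that follow the first "auth_param basic program".
helper_args() {
    awk '$1 == "auth_param" && $2 == "basic" && $3 == "program" {
             $1 = $2 = $3 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# One pass over the helper's words. Sets PROG, HAS_W, HAS_TLS, HAS_R and
# REST (arguments with "-w <password>" replaced by "-W <secret file>").
# Limitation: splits on whitespace, so quoted values with spaces break it.
scan_helper() {
    set -f                      # filter values must not be glob-expanded
    PROG= REST= HAS_W=0 HAS_TLS=0 HAS_R=0 state=opt
    for tok in $(helper_args "$1"); do
        if [ -z "$PROG" ]; then PROG=$tok; continue; fi
        case "$state" in
            password) state=opt; continue ;;       # never copy the secret
            value)    state=opt
                      case "$tok" in ldaps://*) HAS_TLS=1 ;; esac
                      REST="$REST $tok"; continue ;;
        esac
        case "$tok" in
            -w) HAS_W=1; state=password; REST="$REST -W $2"; continue ;;
            -Z) HAS_TLS=1 ;;
            -R) HAS_R=1 ;;
            -*) case " $TAKES_VALUE " in *" $tok "*) state=value ;; esac ;;
        esac
        REST="$REST $tok"
    done
}

# Print one finding code per line (nothing when the line is clean).
audit_helper() (
    scan_helper "$1" unused
    if [ -z "$PROG" ]; then echo NO_HELPER; exit 0; fi
    # -w keeps the bind password in squid.conf and in the helper's argv.
    if [ "$HAS_W" = 1 ]; then echo INLINE_BIND_PASSWORD; fi
    # No -Z (StartTLS) and no ldaps:// URI: the bind and every user password
    # cross the network in clear. A Samba AD DC configured with
    # "ldap server require strong auth = yes" rejects such simple binds.
    if [ "$HAS_TLS" = 0 ]; then echo NO_TLS; fi
    # Without -R the helper follows the referrals an AD returns for
    # searches that start at the domain root.
    if [ "$HAS_R" = 0 ]; then echo FOLLOWS_REFERRALS; fi
    exit 0
)

# Print the directive with -W <file> instead of -w, plus -R / -Z if absent.
# The file ($2) should be readable only by cache_effective_user.
harden_helper() (
    scan_helper "$1" "$2"
    if [ -z "$PROG" ]; then exit 1; fi
    extra=
    if [ "$HAS_R" = 0 ]; then extra="$extra -R"; fi
    if [ "$HAS_TLS" = 0 ]; then extra="$extra -Z"; fi
    echo "auth_param basic program $PROG$extra$REST"
)

# Constructed sample: the auth lines from the question, placeholders kept.
write_sample() {
    cat > "$1" <<'EOF'
#auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwd
auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -b dc=X1,dc=X2,dc=X3,dc=X4 -D CN=auth,CN=Users,DC=X1,DC=X2,DC=X3,dc=X4 -w PASSWORD -f sAMAccountName=%s -h X1.X2.X3.X4
auth_param basic children 5
EOF
}

conf=$(mktemp) && write_sample "$conf"
audit_helper "$conf"
harden_helper "$conf" /etc/squid/ldap_bind.secret
rm -f "$conf"
```

Once rewritten, the helper can be run by hand as the `proxy` user with the same arguments: it reads `username password` lines on stdin and answers `OK` or `ERR`. `-Z` only succeeds if the proxy's LDAP client trusts the domain controller's certificate.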
add a comment |
I need authenticate a squid 3.5 with a Active Directory build (over SAMBA4)
POST-DATA: This ubuntu is already joined to the Active Directory built on SAMBA4
I do not know if the problem is in the auth line: auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -b dc=X1,dc=X2,dc=X3,dc=X4 -D CN=auth,CN=Users,DC=X1,DC=X2,DC=X3,dc=X4 -w PASSWORD -f sAMAccountName=%s -h X1.X2.X3.X4
#------------------------------------------- GENERAL CONFIGURATION ----------------------------------------------
#
cache_mem 64 MB
#
# CACHE STATEMENT FOR SQUID
cache_dir ufs /var/spool/squid 20480 16 256
#
client_netmask 255.255.255.255
dead_peer_timeout 10 seconds
#
#---------------------------------------------- AUTH CONFIGURATION ----------------------------------------------
#
auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -b dc=X1,dc=X2,dc=X3,dc=X4 -D CN=auth,CN=Users,DC=X1,DC=X2,DC=X3,dc=X4 -w PASSWORD -f sAMAccountName=%s -h X1.X2.X3.X4
#
#
# PATH FOR THE LOGS
cache_access_log /var/log/squid/access.log
cache_log none
cache_store_log none
useragent_log none
#cache_log /var/log/squid/cache.log
#cache_store_log /var/log/squid/store.log
#useragent_log /var/log/squid/useragent.log
#
auth_param basic children 5
error_directory /usr/share/squid/errors/Spanish
authenticate_ttl 1 hour
#
# TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?
#
# TAG: nonhierarchical_direct
nonhierarchical_direct off
cache_swap_low 95
cache_swap_high 98
maximum_object_size 524288 KB
maximum_object_size_in_memory 1024 KB
offline_mode off
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
#
# reply_header_max_size 20 KB
# TAG: request_header_max_size (KB)
# This specifies the maximum size for HTTP headers in a request.
# Request headers are usually relatively small (about 512 bytes).
# Placing a limit on the request header size will catch certain
# bugs (for example with persistent connections) and possibly
# buffer-overflow or denial-of-service attacks.
#Default:
request_header_max_size 64 KB
# TAG: client_request_buffer_max_size (bytes)
# This specifies the maximum buffer size of a client request.
# It prevents squid eating too much memory when somebody uploads
# a large file.
#Default:
client_request_buffer_max_size 512 KB
# TAG: request_body_max_size (KB)
request_body_max_size 0 KB
#
debug_options ALL,2
shutdown_lifetime 15 seconds
httpd_suppress_version_string on
#
# TAG: refresh_pattern
#------------------------------------------------- CACHE REFESH -------------------------------------------------
#
refresh_pattern -i ^ftp: 600000 100% 700000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth
refresh_pattern -i ^http: 600000 100% 700000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth
refresh_pattern -i ^gopher: 600000 100% 700000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth
refresh_pattern -i . 600000 100% 700000 override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private ignore-auth
#
refresh_pattern -i kaspersky 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i grisoft 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i avg 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i eset 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i nod_eval 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i symantec 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i avast 960 200% 2160 reload-into-ims override-expire override-lastmod
refresh_pattern -i clamav 960 200% 2160 reload-into-ims override-expire override-lastmod
#
refresh_pattern -i (/cgi-bin/|?) 0 0 0
#
# IMAGENES
refresh_pattern -i .gif$ 14400 80% 43200
refresh_pattern -i .tiff?$ 14400 80% 43200
refresh_pattern -i .bmp$ 14400 80% 43200
refresh_pattern -i .jp?g$ 14400 80% 43200
refresh_pattern -i .xbm$ 14400 80% 43200
refresh_pattern -i .png$ 14400 80% 43200
refresh_pattern -i .wrl$ 14400 80% 43200
refresh_pattern -i .ico$ 14400 80% 43200
refresh_pattern -i .pnm$ 14400 80% 43200
refresh_pattern -i .pbm$ 14400 80% 43200
refresh_pattern -i .pgm$ 14400 80% 43200
refresh_pattern -i .ppm$ 14400 80% 43200
refresh_pattern -i .rgb$ 14400 80% 43200
refresh_pattern -i .ppm$ 14400 80% 43200
refresh_pattern -i .rgb$ 14400 80% 43200
refresh_pattern -i .xpm$ 14400 80% 43200
refresh_pattern -i .xwd$ 14400 80% 43200
refresh_pattern -i .pict?$ 14400 80% 43200
#
# MOVIES
refresh_pattern -i .mov$ 14400 80% 43200
refresh_pattern -i .mp?g?$ 14400 80% 43200
refresh_pattern -i .avi$ 14400 80% 43200
refresh_pattern -i .qtm?$ 14400 80% 43200
refresh_pattern -i .viv$ 14400 80% 43200
refresh_pattern -i .swf$ 14400 80% 43200
refresh_pattern -i .flv$ 14400 80% 43200
refresh_pattern -i .mp4$ 14400 80% 43200
refresh_pattern -i .mkv$ 14400 80% 43200
refresh_pattern -i .wmv$ 14400 80% 43200
#
# SOUNDS
refresh_pattern -i .wav$ 14400 80% 43200
refresh_pattern -i .aiff?$ 14400 80% 43200
refresh_pattern -i .au$ 14400 80% 43200
refresh_pattern -i .ram?$ 14400 80% 43200
refresh_pattern -i .snd$ 14400 80% 43200
refresh_pattern -i .mid$ 14400 80% 43200
refresh_pattern -i .mp2$ 14400 80% 43200
refresh_pattern -i .mp3$ 14400 80% 43200
refresh_pattern -i .ogg$ 14400 80% 43200
#
# ARCHIVES
refresh_pattern -i .sit$ 14400 80% 43200
refresh_pattern -i .zip$ 14400 80% 43200
refresh_pattern -i .7zip$ 14400 80% 43200
refresh_pattern -i .hqx$ 14400 80% 43200
refresh_pattern -i .exe$ 14400 80% 43200
refresh_pattern -i .arj$ 14400 80% 43200
refresh_pattern -i .lzh$ 14400 80% 43200
refresh_pattern -i .lha$ 14400 80% 43200
refresh_pattern -i .cab$ 14400 80% 43200
refresh_pattern -i .rar$ 14400 80% 43200
refresh_pattern -i .tar$ 14400 80% 43200
refresh_pattern -i .gz$ 14400 80% 43200
refresh_pattern -i .z$ 14400 80% 43200
refresh_pattern -i .a[0-9][0-9]$ 14400 80% 43200
refresh_pattern -i .r[0-9][0-9]$ 14400 80% 43200
#
# DATA FILES
refresh_pattern -i .txt$ 14400 80% 43200
refresh_pattern -i .pdf$ 14400 80% 43200
refresh_pattern -i .doc$ 14400 80% 43200
refresh_pattern -i .rtf$ 14400 80% 43200
refresh_pattern -i .tex$ 14400 80% 43200
refresh_pattern -i .latex$ 14400 80% 43200
#
# JAVA-TYPE OBJECTS
refresh_pattern -i .class$ 14400 80% 43200
refresh_pattern -i .js$ 14400 80% 43200
refresh_pattern -i .class$ 14400 80% 43200
#
# WEB-TYPE OBJECTS
refresh_pattern -i .css$ 10 20% 4320
refresh_pattern -i .html?$ 10 20% 4320
refresh_pattern /$ 10 20% 4320
#
# TO AVOID PROBLEMS WITH .DO SCRIPTS
refresh_pattern -i .do$ 0 0% 1440
#
# TAG: quick_abort (KB)
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
# TAG: reload_into_ims on|off
reload_into_ims on
#
# TAG: collapsed_forwarding (on|off)
collapsed_forwarding on
#
# TAG: refresh_stale_hit (time)
refresh_stale_hit 10 seconds
#
# TAG: half_closed_clients
half_closed_clients off
#
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
append_domain .X1.X2.X3.X4
acl QUERY urlpath_regex cgi-bin ?
cache deny QUERY
#
# ACCESS CONTROL
#-----------------------------------------------------------------------------
#Defaults
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl purge method PURGE
acl sqstat src 172.16.5.0/255.255.255.255
acl working time MTWHF 08:00-17:00
acl not_working time MTWHF 17:01-23:59
acl early_morning time MTWHF 00:00-07:59
acl weekend time AS 00:00-23:59
acl downloads_restricted urlpath_regex "/etc/squid/rules/ext_restrict_list"
acl downloads urlpath_regex "/etc/squid/rules/ext_allow_list"
acl media_sites url_regex -i "/etc/squid/rules/media_sites_list"
acl threads maxconn 5
acl community snmp_community public
acl password proxy_auth REQUIRED
acl connect method CONNECT
acl X4_inside dstdomain .X4
acl sites-ok dstdomain "/etc/squid/rules/allow/sites_allow_list"
acl no_ip1 urlpath_regex .[0-9]3$.[a-zA-Z][0-9]2,$
acl no_ip2 dstdom_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+$
acl msn_messenger req_mime_type -i ^application/x-msn-messenger$
#
acl ext_audio_video urlpath_regex "/etc/squid/rules/restricted/ext_audio_video_list"
acl no_chat1 dstdomain "/etc/squid/rules/restricted/chat/chat_domains_list"
acl no_chat2 url_regex "/etc/squid/rules/restricted/chat/chat_urls_list"
acl no_filehosting1 dstdomain "/etc/squid/rules/restricted/filehosting/fhost_domains_list"
acl no_filehosting2 url_regex "/etc/squid/rules/restricted/filehosting/fhost_urls_list"
acl no_filesharing1 dstdomain "/etc/squid/rules/restricted/filesharing/fshare_domains_list"
acl no_filesharing2 url_regex "/etc/squid/rules/restricted/filesharing/fshare_urls_list"
acl no_instantmessaging1 dstdomain "/etc/squid/rules/restricted/instantmessaging/im_domains_list"
acl no_instantmessaging2 url_regex "/etc/squid/rules/restricted/instantmessaging/im_urls_list"
acl no_proxy1 dstdomain "/etc/squid/rules/restricted/proxy/proxy_domains_list"
acl no_proxy2 url_regex "/etc/squid/rules/restricted/proxy/proxy_urls_list"
acl no_social_networks dstdomain "/etc/squid/rules/restricted/social_networks/snet_domains_list"
acl forbidden_words url_regex "/etc/squid/rules/restricted/forbidden_words_list"
acl it_words url_regex "/etc/squid/rules/restricted/it_words_list"
acl X1_words url_regex "/etc/squid/rules/restricted/X1_words_list"
acl word_restricted_plus url_regex "/etc/squid/rules/restricted/word_restricted_plus"
acl browsers_apps browser "/etc/squid/rules/browsers_apps_list"
#
# STATEMENTS TO IP ADDRESS ALLOW
#-----------------------------------------------------------------------------
acl ip_addrs_dmz_servers src "/etc/squid/rules/ip_addrs/ip_adrs_dmz_list"
acl ip_addrs_admins src "/etc/squid/rules/ip_addrs/ip_adrs_admins_list"
acl ip_addrs_lan_internet src "/etc/squid/rules/ip_addrs/ip_addrs_lan_3w_list"
acl ip_addrs_lan_X4_inside src "/etc/squid/rules/ip_addrs/ip_addrs_lan_X4_inside_list"
acl lan_subnet src 192.168.222.0/24
#
acl users_admins proxy_auth "/etc/squid/rules/user/users_admins_list"
acl users_X1_internet proxy_auth "/etc/squid/rules/user/users_X1_internet_list"
acl users_X1_X4_inside proxy_auth "/etc/squid/rules/user/users_X1_X4_inside_list"
#
acl SSL_ports port 443 # https
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl Safe_ports port 21 # ftp
#acl Safe_ports port 1935 # openmeetings
#acl Safe_ports port 5080 # openmeetings
#acl Safe_ports port 8088 # openmeetings
#acl Safe_ports port 70 # gopher
#acl Safe_ports port 210 # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280 # http-mgmt
#acl Safe_ports port 6667 # irc
#acl Safe_ports port 488 # gss-http
#acl Safe_ports port 591 # filemaker
#acl Safe_ports port 777 # multiling http
#acl Safe_ports port 631 # cups
#acl Safe_ports port 873 # rsync
#acl Safe_ports port 901 # SWAT
#
# END OF ACL
#-------------------------------------------------------------------------------
# DEFAULT CONFIGURATION
#---- Mrtg -----
snmp_port 3401
snmp_access allow community localhost
snmp_access deny all
#
http_access allow manager localhost
http_access allow manager ip_addrs_admins
http_access allow manager sqstat
http_access allow ip_addrs_dmz_servers
http_access allow ip_addrs_admins users_admins
http_access deny manager
http_access deny purge !localhost
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
#http_access deny connect no_ip1 all
#http_access deny connect no_ip2 all
#http_access deny msn_messenger
#
#-------------------------------------------------------------------------------
# HERE I DEFINE THE ACL POLICY
#-------------------------------------------------------------------------------
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
http_access allow localhost
#http_access deny !browsers_apps
#
#########################################################################
# HERE WE GIVE ACCESS TO MACHINES THAT JUST CAN BROWSE INSIDE .X4 DOMAIN
#########################################################################
http_access allow ip_addrs_lan_X4_inside users_X1_X4_inside X4_inside sites-ok !no_ip1 !no_ip2 !X1_words !ext_audio_video
###############################################
# HERE WE GIVE THE INTERNET ACCESS TO MACHINES
###############################################
http_access allow ip_addrs_lan_internet users_X1_internet !no_ip1 !no_ip2 !no_proxy1 !no_proxy2 !ext_audio_video !no_chat1 !no_chat2 !no_filehosting1 !no_filehosting2 !no_filesharing1 !no_instantmessaging1 !no_instantmessaging2 !no_social_networks
http_access deny all
#
# TAG: http_reply_access
http_reply_access allow all
#
icp_access allow all
#------------------------------------------------------------------------------
# END OF POLICY
#------------------------------------------------------------------------------
# MISCELANEAS
#--------------------------------------------------------------------------------------------
auth_param basic realm ¡HOLA! COMO PROXY DEL ENTORNO X1.X2.X3.X4 | SUGIERO: ¡CUIDADO!
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
#
cache_mgr admins@X2.X3.X4
visible_hostname proxy.X2.X3.X4
# HERE WE WRITE SEEM TO THE APACHE LOGS
emulate_httpd_log on
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%Referer>h" "%User-Agent>h" %Ss:%Sh
logfile_rotate 10
# ACELERATION
#httpd_accel_host virtual
#httpd_accel_port 0
#httpd_accel_with_proxy on
# PASSWORDS
cachemgr_passwd UnixMan all
cache_effective_user proxy
cache_effective_group proxy
#
# TAG: coredump_dir
coredump_dir /var/spool/squid
#
http_port 172.16.5.4:3128
always_direct allow all
#
#
# PASSIVE FTP
ftp_user admins@X2.X3.X4
ftp_list_width 32
ftp_sanitycheck on
ftp_passive on
# TAG: dns_nameservers
dns_nameservers 172.16.5.11 172.16.5.12
#------------------------------ DELAYS POOLS ------------------------------#
################################################
## BANDWITH TABLA VALUES ##
#-----------------------------------------------
# TRANSFER RATE DELAY_POOLS VALUE
#-----------------------------------------------
# 32 Kbps 4096
# 64 Kbps 8192
# 100 Kbps 12800
# 128 Kbps 16384 > [ 1Mbps ]
# 150 Kbps 19200
# 256 Kbps 32768 > [ 2Mbps ]
# 300 Kbps 38400
# 350 Kbps 44800
# 384 Kbps 49152 > [ 3Mbps ]
# 400 Kbps 51200
# 512 Kbps 65536 > [ 4Mbps ]
# 550 Kbps 70400
# 600 Kbps 76800
# 650 Kbps 83200
# 700 Kbps 89600
# 750 Kbps 96000
# 768 Kbps 98304 > [ 6Mbps ]
# 800 Kbps 102400
# 850 Kbps 108800
# 900 Kbps 115200
# 950 Kbps 121600
# 1024 Kbps 131072
# 1050 Kbps 134400
#
delay_class 1 1
delay_parameters 1 49152/49152 # IP ADDRESS LAN - [ 384 Kbps = 3Mbps ]
delay_access 1 allow lan_subnet
delay_access 1 deny all
linux ubuntu squid samba4
closed as unclear what you're asking by Rui F Ribeiro, msp9011, Thomas, Stephen Harris, Fabby Dec 28 '18 at 21:14
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
edited Jan 6 at 8:32
Yndy Aglr
asked Dec 28 '18 at 7:53
Yndy Aglr
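An added example, not part of the original post and not Squid project code: a small Python check that reads squid.conf directives like the ones posted above and flags the settings that affect LDAP Basic authentication, its debugging, and the secrets kept in the file. The embedded sample is a constructed excerpt of the posted lines; the function names and check ids are hypothetical.

```python
# Added example: audits squid.conf directives relevant to LDAP Basic auth.
# Function names and check ids are illustrative, not part of Squid.

# Constructed sample: directive lines copied from the posted configuration
# (X1..X4 and PASSWORD are the post's own placeholders).
SAMPLE_CONF = """\
auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -b dc=X1,dc=X2,dc=X3,dc=X4 -D CN=auth,CN=Users,DC=X1,DC=X2,DC=X3,dc=X4 -w PASSWORD -f sAMAccountName=%s -h X1.X2.X3.X4
cache_log none
auth_param basic children 5
debug_options ALL,2
acl community snmp_community public
acl password proxy_auth REQUIRED
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
http_access allow ip_addrs_dmz_servers
http_access deny all
cachemgr_passwd UnixMan all
"""

# basic_ldap_auth options that take an argument; -P -R -Z -d are plain flags.
OPTS_WITH_ARG = set("bfusDwWHhpEctav")
GUARD_RULES = ("http_access deny !Safe_ports",
               "http_access deny CONNECT !SSL_ports")


def tokens_of(line):
    """Split a directive into tokens, dropping a trailing '# comment'."""
    out = []
    for tok in line.split():
        if tok.startswith("#"):
            break
        out.append(tok)
    return out


def parse_helper(args):
    """Return {option_letter: value_or_True} for basic_ldap_auth arguments."""
    opts, i = {}, 0
    while i < len(args):
        tok = args[i]
        if len(tok) == 2 and tok[0] == "-":
            if tok[1] in OPTS_WITH_ARG and i + 1 < len(args):
                opts[tok[1]] = args[i + 1]
                i += 1
            else:
                opts[tok[1]] = True
        i += 1
    return opts


def audit(conf_text):
    """Return sorted (line_number, check_id, message) findings."""
    findings, active, disabled = [], [], []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            disabled.append((n, " ".join(line.lstrip("#").split())))
        elif line:
            active.append((n, tokens_of(line)))
    for n, tok in active:
        if (tok[:3] == ["auth_param", "basic", "program"] and len(tok) > 3
                and tok[3].endswith("basic_ldap_auth")):
            opts = parse_helper(tok[4:])
            if "w" in opts:
                findings.append((n, "bind-password-on-cmdline",
                                 "-w puts the bind password in squid.conf and in the "
                                 "helper's process arguments; -W secretfile reads it from a file"))
            if not ("Z" in opts or str(opts.get("H", "")).lower().startswith("ldaps://")):
                findings.append((n, "ldap-cleartext",
                                 "no -Z (TLS) or ldaps:// URI: simple binds carry passwords "
                                 "unencrypted, and a Samba AD DC with 'ldap server require "
                                 "strong auth = yes' refuses them"))
            if "R" not in opts:
                findings.append((n, "referrals-followed",
                                 "no -R: searches from the domain root can return AD referrals"))
        elif tok[0] == "cache_log" and tok[1:2] == ["none"]:
            findings.append((n, "cache-log-disabled",
                             "helper stderr and debug_options output normally go to cache.log"))
        elif tok[0] == "cachemgr_passwd" and len(tok) >= 3 and tok[1] not in ("disable", "none"):
            findings.append((n, "plaintext-cachemgr-password",
                             "cache manager password stored in clear; restrict file permissions"))
        elif tok[0] == "acl" and tok[2:4] == ["snmp_community", "public"]:
            findings.append((n, "snmp-default-community",
                             "SNMP community string is the well-known default 'public'"))
    enabled = {" ".join(t) for _, t in active}
    for n, text in disabled:
        if text in GUARD_RULES and text not in enabled:
            findings.append((n, "guard-rule-disabled", "commented out: " + text))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, check, msg in audit(SAMPLE_CONF):
        print("line %d: [%s] %s" % (lineno, check, msg))
```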