[Freeipa-users] squid problems when upgrading to 6.4
Dale Macartney
dale at themacartneyclan.com
Thu Mar 14 08:41:56 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/14/2013 08:11 AM, Dale Macartney wrote:
>
>
> On 03/14/2013 08:07 AM, Martin Kosek wrote:
> > On 03/13/2013 11:02 PM, Natxo Asenjo wrote:
> >> On Wed, Mar 13, 2013 at 10:45 PM, Dale Macartney
> >> <dale at themacartneyclan.com> wrote:
> >>> I've just deployed a RHEL 6.4 proxy and the guide is still
accurate and
> >>> works.. however I agree a config file would be a better place for the
> >>> options. Both work at the end of the day.
> >>
> >> yes, the guide is accurate, but upgrading to meet a bunch of angry
> >> users is not nice ;-)
> >>
> >>> I'm more curious as to why your squid init script was replaced instead
> >>> of the usual scenario of having the new file saved as .rpmsave.
> >>
> >> beats me. Anyway, config stuff should go in /etc/sysconfig, period ;-)
> >> ; we should not be touching the init scripts. The init scripts source
> >> the files in /etc/sysconfig/*
> >>
> >>>> By the way, I came accross http://squidkerbauth.sourceforge.net/
> >>>> squid_kerb_ldap to allow/block stuff in the proxy depending on ldap
> >>>> group membership. I have not tested it yet, but will post it if(when)
> >>>> I get it working.
> >>> You can also check out SquidGuard, which is available in EPEL.
> >>
> >> ha, squid_kerb_ldap is not a proxy, it is an authenticator for squid
> >> and what it does is verify the group membership of the users so you
> >> can build ACLs based on that.
> >>
> >> squidguard is nice. I like privoxy too ;-)
> >>
> >>> I've written an article for Active Directory, however it is just
as easy
> >>> to use it with IPA.
> >>>
>
https://www.dalemacartney.com/2012/07/06/web-proxy-filtering-with-squidguard-using-active-directory-group-memberships/
> >>
> >> cool, thanks.
> >>
>
> > Hi guys,
>
> > Dale, do you plan to update the howto on FreeIPA wiki to fix the
> configuration
> > section? If not, I can try to update it myself. I agree with Natxo
> that having
> > the configuration in /etc/sysconfig/squid is safer than having it
> hacked in the
> > init script.
>
> > Thanks both to sharing this info btw :-)
>
> > Martin
> Yes mate,
> I've literally just walked into the office and connected to vpn. Will be
> updating momentarily.
>
> Dale
Article updated
http://www.freeipa.org/page/Squid_Integration_with_FreeIPA_using_Single_Sign_On
>
>
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJRQY1RAAoJEAJsWS61tB+q+30P/jTcKGqeiqOM7o92e94wdS8x
GlSW3VorfEqywD2CFmhSQhK3G1d5XLsqXjth70s0Iup0Ciqt27BwdTmaDNRry8x7
Fp0yWFwFYk72h808ZHggAt9zTTLzZcx1cLeax6Z7/T0++E4zCL6ZFg+vXfJhVp9A
ntaFBs/u6+ctKO9ySTTNWtNk1AF9coWrAUl7AlTdT+w7qQCSt6WCVIiu66cvYsQ8
MAt4kdsbXo21su1fReHD7lclemkdqCT5EGoahQllSkFZXhB93iAeJc3SWE80GZEd
7oYyvX41fqKCCnr4G+O1/hZE8FSwtHHUNI9PIsD/in407HZLPQ8Llix3eBUkwwuP
C/HjDbNJIc8VYISvnlmZk64Wx4DF2KK//9CsfLldbNhqRjCFtbjgkrLzYKw2efv2
Dngj2H+V1lxDa6Senqv7JLMlUnXY69di7zWRptIeSH6qrJy+Q8JDQX/zT3Pb8Fxu
/28v9UMuao4hDYX/atIw3z08SPvMqsI7fu3sefYhUDwQSbYqH4yr3yZTPO10Js0B
kdxTY/RNAkzkgYn0ufIo3reZxMh9g2qGqKsGqotKfI3cVQ1UVBkIDiy0+R6sgVNU
Ixw2LSS94j4yWsAndpbkTJSjsRAB4pVNvEmszI3dI++oPteRyXdY7zcyfls561dL
J3oeOuqaDFF7047nxHpV
=j9EX
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130314/a3250bac/attachment.htm>
More information about the Freeipa-users
mailing list