NS7-b2 Squid broken ACL permissions on shared folders


I’m testing Nethserver 7 to act as a gateway, proxy and domain server.
When enable Web Proxy, ACL shared folders stopped working.
Steps to reproduce:

-install Nethserver in unattended mode;
-apply updates in console mode;
-access web interface and make the initial wizard changes;
-configure network with one green static and one red DHCP;
-apply DHCP to green interface;
-install nethserver-DC, file server, web filter and web proxy;
-go to user an groups and start DC with bridge checked;
-change administrator password;
-create two users with no password expire and no ssh;
-create two groups and insert users;
-create two shared folders for groups with write permission to owner;
-apply DHCP to bridge interface;
-join Windows client and test write permission on shared folders: OK;
-enable web proxy: transparent with SSL on green and blue and disabled cache.
-reboot server;
-go to status, domain accounts: can’t find ldap server, but domain is OK;
-start Windows client and test shared folders permission: have no permission to access them;
-return to domain accounts: ldap server is back;
-start Windows client and test shared folders permission: have no permission;
-disable Web Proxy;
-start Windows client and test shared folders permission: OK.


Best regards.

1 Like

Thank you for the detailed report and for attaching your log file, @celiofk.

I’d try to reproduce it /cc @quality_team

BTW, this sounds similar to the other issue. I guess you installed the packages from the testing repos at first. But I cannot find any evidence of the update in your log file.

Do you have an idea where they differ?

No, I’m not using testing repos, just stable. I opened a new thread because @giacomo request me to do it.

Well, squidguard segfault and ACL based profile creation was solved and were not related. I think that the problem is the same now, but @giacomo is investigating and he will find the answer soon.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.