Linux - Server This forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to
LinuxQuestions.org , a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free.
Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please
contact us . If you need to reset your password,
click here .
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a
virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month.
Click here for more info.
#1
Member
Registered: May 2012
Posts: 34
Rep:
squid.conf problem
Hi i am using squid 2.7 stable9 and i would an ldap authentication to my users
squid works well with ldap
Quote:
# /usr/lib/squid/ldap_auth -b "ou=groups,dc=example,dc=com" -f "uid=%s" -h 127.0.0.1 -d -v 3
i would now configure the squid.conf file to use authentification
but when i restart squid,it still waiting,and wouldn't start
and this is the content of squid.conf file
Quote:
/usr/lib/squid/ldap_auth -b "ou=groups,dc=example,dc=com" -f "uid=%s" -h 127.0.0.1 -d -v 3
thanks to help to resolv this problem
#2
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Quote:
/usr/lib/squid/ldap_auth -b "ou=groups,dc=example,dc=com" -f "uid=%s" -h 127.0.0.1 -d -v 3
The line in bold is wrong. You need a "auth_param basic program" before of it, to define the helper application used.
See the example
here
Regards
#3
Member
Registered: May 2012
Posts: 34
Original Poster
Rep:
i am sorry but always the same problem
#4
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Quote:
Originally Posted by
bachawiss
i am sorry but always the same problem
Have a look at the logs (/var/log/messages, /var/log/syslog, squid logs) to see if you find anything.
Or you can start squid from CLI in debug mode and watch the output:
Code:
/usr/sbin/squid -X -N
(Change the path to the squid executable accordingly)
Regards
#5
Member
Registered: May 2012
Posts: 34
Original Poster
Rep:
Code:
/usr/sbin/squid -X -N
i found anything in log files (squid logs)because it s not working
this is the result of the debug
Last edited by bachawiss; 05-24-2012 at 07:10 PM .
#6
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
The last lines from the file you've attached:
Quote:
<snip>
So check squid.conf, if you have defined an ACL named localhost
#7
Member
Registered: May 2012
Posts: 34
Original Poster
Rep:
Quote:
Originally Posted by
bathory
The last lines from the file you've attached:
this acl is available O.o
acl localhost src 127.0.0.1/32
the problem is in the lines writen in 1st post
when i commnet them,it works
Last edited by bachawiss; 05-25-2012 at 03:52 AM .
#8
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Quote:
the problem is in the lines writen in 1st post
Then did you change them as advised in my 1st reply? You should have:
Code:
auth_param basic program /usr/lib/squid/ldap_auth -b "ou=groups,dc=example,dc=com" -f "uid=%s" -h 127.0.0.1 -d -v 3
auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 1 minute
acl ldap-auth proxy_auth REQUIRED
#9
Member
Registered: May 2012
Posts: 34
Original Poster
Rep:
Quote:
Originally Posted by
bathory
Then did you change them as advised in my 1st reply? You should have:
Code:
auth_param basic program /usr/lib/squid/ldap_auth -b "ou=groups,dc=example,dc=com" -f "uid=%s" -h 127.0.0.1 -d -v 3
auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 1 minute
acl ldap-auth proxy_auth REQUIRED
Yes of course
#10
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
OK, post squid.conf to see if we can spot the error
#11
Member
Registered: May 2012
Posts: 34
Original Poster
Rep:
Quote:
Originally Posted by
bathory
OK, post squid.conf to see if we can spot the error
)
#12
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Wow, you could trim down comments at least!!
#13
Member
Registered: May 2012
Posts: 34
Original Poster
Rep:
Quote:
Originally Posted by
bathory
Wow, you could trim down comments at least!!
)
#14
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Better stop smilies and write something useful, if you really need help.
Try the following and let us know how it goes
Code:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
#this is the lines that i add for the ldap authentication :
auth_param basic program /usr/lib/squid/ldap_auth -b "ou=groups,dc=example,dc=com" -f "uid=%s" -h 127.0.0.1 -d -v 3
auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 1 minute
acl ldap-auth proxy_auth REQUIRED
http_access allow ldap-auth
http_access allow localhost
http_access deny all
##### The rest as is #####
http_port 3128 transparent
access_log /var/log/squid/access.log squid
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
acl yahoo dstdomain fr.yahoo.com
http_access deny yahoo
http_access allow all
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid
url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
url_rewrite_children 5
#15
Member
Registered: May 2012
Posts: 34
Original Poster
Rep:
thanks it works pefectly
All times are GMT -5. The time now is 07:53 AM .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know .
)
