Old 02-09-2011, 01:29 PM   #1
Mustafa Ismail Mustafa
Squid Proxy - Bungled line


I don't get it.

I followed (partially) the config file that was displayed on the squid site (here: Clickety) after I had joined the server to the domain (correctly as per the how to on the CentOS website).

BTW, this is with CentOS 5.5 and Squid 2.6.

This is my squid.conf:

Code:
#auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="RCH\InternetUsers"

auth_param ntlm program /usr/local/bin/ntlm_auth RCH/RCHDC01

auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
# ntlm_auth from Samba 3 supports NTLM NEGOTIATE packet
auth_param ntlm use_ntlm_negotiate on

# warning: basic authentication sends passwords plaintext
# a network sniffer can and will discover passwords
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="RCH\InternetUsers"
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl InternetUsers proxy_auth REQUIRED
http_access allow InternetUsers
http_access deny all

The idea is to block all users not in the AD security group "InternetUsers" from accessing the internet (this is intentional as at the Red Cross Hospital there is some serious time wastage happening and therefore lock down is in place).

When I try to start the squid service it fails and checking /var/logs/messages it reads:

Quote:
Feb 9 21:25:25 RCHPX01 squid[13525]: Bungled squid.conf line 21: http_access deny all

And this is when I suffered my "huh!?!?!" moment.

Any ideas?

TIA
 
Old 02-10-2011, 08:04 AM   #2
acid_kewpie
You deleted the "all" ACL I guess; it's certainly not in the config there. "all" is not a built-in name; it's defined higher up in the file usually.
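
The check the reply describes, as an added example (not part of the original posts and not Squid's own code): it reports any ACL name that an http_access rule uses before an acl line has defined it. The function name lint_acl_refs, the predefined parameter and the trimmed sample configs are constructed for illustration; whether a given Squid build predefines any ACL names is an assumption the caller supplies.

```python
# Added example: flags http_access rules that reference undefined ACL names.
ACCESS_DIRECTIVES = {"http_access"}  # the only access list used in this thread

def lint_acl_refs(conf_text, predefined=()):
    """Return [(line_no, directive, missing_acl_name), ...].

    A name counts as defined only if an `acl NAME ...` line appears earlier
    in the file or the caller lists it in `predefined` (assumption: nothing
    is predefined, following the reply in the thread).
    """
    defined = set(predefined)
    problems = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        tokens = line.split()
        directive = tokens[0]
        if directive == "acl" and len(tokens) >= 3:
            defined.add(tokens[1])
        elif directive in ACCESS_DIRECTIVES and len(tokens) >= 3:
            # tokens[1] is allow/deny; the rest are ACL names, '!' negates
            for ref in tokens[2:]:
                name = ref.lstrip("!")
                if name not in defined:
                    problems.append((line_no, directive, name))
    return problems

# Constructed samples: the access-control tail of the two configs in the thread.
WITHOUT_ALL = """\
acl InternetUsers proxy_auth REQUIRED
http_access allow InternetUsers
http_access deny all
"""
WITH_ALL = """\
acl all src 0.0.0.0/0.0.0.0
acl InternetUsers proxy_auth REQUIRED
http_access allow InternetUsers
http_access deny all
"""

if __name__ == "__main__":
    for label, text in (("without 'all'", WITHOUT_ALL), ("with 'all'", WITH_ALL)):
        issues = lint_acl_refs(text)
        print(label, "->", issues if issues else "no undefined ACL references")
```
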
 
Old 02-16-2011, 12:15 PM   #3
Mustafa Ismail Mustafa
Can't seem to make it work with that either.

Now my conf file is:

Code:
#auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="RCH\InternetUsers"


auth_param ntlm program /usr/local/bin/ntlm_auth RCH/RCHDC01

auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
# ntlm_auth from Samba 3 supports NTLM NEGOTIATE packet
auth_param ntlm use_ntlm_negotiate on

# warning: basic authentication sends passwords plaintext
# a network sniffer can and will discover passwords
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="RCH\InternetUsers"
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours


acl all src 0.0.0.0/0.0.0.0
acl InternetUsers proxy_auth REQUIRED
http_access allow InternetUsers
http_access deny all

And when I try to run squid (sudo /sbin/service squid start) I get:

Code:
sudo /sbin/service squid start
Starting squid: /etc/init.d/squid: line 42:  4885 Aborted                 $SQUID $SQUID_OPTS >> /var/log/squid/squid.out 2>&1
                                                           [FAILED]

But if I reset squid.conf back to the very original file that came out of the box, it runs without a hitch.

Any ideas?
 
Old 02-16-2011, 04:19 PM   #4
acid_kewpie
Well, you need to find out what the error was. Not sure why the service script b0rked so badly, but that isn't the error itself. Look in the log files or run squid directly without the service script for full disclosure.
 
Old 02-17-2011, 07:25 AM   #5
Mustafa Ismail Mustafa
OK, I went at it with the determination of a hamster on his wheel.

I figured out several things.

1. I had to be a lot more precise when it comes to my src definition (which makes sense)
2. If I have httpd running, obviously I cannot use port 80 because competition would ensue between the services
3. The locations of the ntlm helper libraries are not the ones I, naively, pasted right away. I should have known better.
4. I should RTFM before I start tackling stuff like this and then asking n00b questions.

Thanks a lot mate, you were patient with me.

Last edited by Mustafa Ismail Mustafa; 02-17-2011 at 07:26 AM. Reason: forgot another point
 
  

