LinuxQuestions.org


bachawiss 05-24-2012 01:34 PM

squid.conf problem
 
Hi, I am using Squid 2.7 STABLE9 and I would like LDAP authentication for my users.
Squid works well with LDAP:


Quote:

# /usr/lib/squid/ldap_auth -b "ou=groups,dc=example,dc=com" -f "uid=%s" -h 127.0.0.1 -d -v 3
user1 user1
user filter 'uid=user1', searchbase 'ou=groups,dc=example,dc=com'
attempting to authenticate user 'cn=user1,ou=groups,dc=example,dc=com'
OK

I would now like to configure the squid.conf file to use authentication,
but when I restart Squid, it is still waiting and won't start.
This is the content of the squid.conf file:
Quote:

/usr/lib/squid/ldap_auth -b "ou=groups,dc=example,dc=com" -f "uid=%s" -h 127.0.0.1 -d -v 3

auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 1 minute

acl ldap-auth proxy_auth REQUIRED

http_access allow ldap-auth
http_access allow localhost
http_access deny all

Thanks for helping to resolve this problem.

bathory 05-24-2012 04:09 PM

Quote:

/usr/lib/squid/ldap_auth -b "ou=groups,dc=example,dc=com" -f "uid=%s" -h 127.0.0.1 -d -v 3

auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 1 minute

acl ldap-auth proxy_auth REQUIRED

http_access allow ldap-auth
http_access allow localhost
http_access deny all

The line in bold is wrong. You need an "auth_param basic program" before it, to define the helper application used.
See the example here


Regards

bachawiss 05-24-2012 04:28 PM

I am sorry, but it is always the same problem

# /etc/init.d/squid start
squid stop/waiting

bathory 05-24-2012 05:24 PM

Quote:

Originally Posted by bachawiss (Post 4686760)
I am sorry, but it is always the same problem

# /etc/init.d/squid start
squid stop/waiting

Have a look at the logs (/var/log/messages, /var/log/syslog, squid logs) to see if you find anything.
Or you can start squid from CLI in debug mode and watch the output:
Code:

/usr/sbin/squid -X -N
(Change the path to the squid executable accordingly)

Regards

bachawiss 05-24-2012 07:07 PM

1 Attachment(s)
Code:

/usr/sbin/squid -X -N

I found anything in the log files (squid logs) because it's not working.
This is the result of the debug:

bathory 05-25-2012 12:31 AM

The last lines from the file you've attached:
Quote:

<snip>
2012/05/25 01:03:23| aclParseAclList: looking for ACL name 'localhost'
2012/05/25 01:03:23| ACL name 'localhost' not defined!
2012/05/25 01:03:23| leave_suid: PID 10097 called
2012/05/25 01:03:23| leave_suid: PID 10097 giving up root, becoming 'proxy'
FATAL: Bungled squid.conf line 10: http_access allow localhost
Squid Cache (Version 2.7.STABLE9): Terminated abnormally.
So check squid.conf, if you have defined an ACL named localhost

bachawiss 05-25-2012 03:50 AM

Quote:

Originally Posted by bathory (Post 4687007)
The last lines from the file you've attached:

So check squid.conf, if you have defined an ACL named localhost

This ACL is available O.o

acl localhost src 127.0.0.1/32

The problem is in the lines written in the 1st post.
When I comment them, it works.

bathory 05-25-2012 04:25 AM

Quote:

The problem is in the lines written in the 1st post.
When I comment them, it works.
Then did you change them as advised in my 1st reply? You should have:
Code:

auth_param basic program /usr/lib/squid/ldap_auth -b "ou=groups,dc=example,dc=com" -f "uid=%s" -h 127.0.0.1 -d -v 3

auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 1 minute

acl ldap-auth proxy_auth REQUIRED


bachawiss 05-25-2012 05:08 AM

Quote:

Originally Posted by bathory (Post 4687177)
Then did you change them as advised in my 1st reply? You should have:
Code:

auth_param basic program /usr/lib/squid/ldap_auth -b "ou=groups,dc=example,dc=com" -f "uid=%s" -h 127.0.0.1 -d -v 3

auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 1 minute

acl ldap-auth proxy_auth REQUIRED


Yes of course

bathory 05-25-2012 06:04 AM

OK, post squid.conf to see if we can spot the error

bachawiss 05-25-2012 06:24 AM

1 Attachment(s)
Quote:

Originally Posted by bathory (Post 4687267)
OK, post squid.conf to see if we can spot the error

:))

bathory 05-25-2012 07:13 AM

Wow, you could trim down comments at least!!
Anyway, put all your ACLs at the beginning, or in any case before using them with http_access directives.

Regards

bachawiss 05-25-2012 08:08 AM

1 Attachment(s)
Quote:

Originally Posted by bathory (Post 4687324)
Wow, you could trim down comments at least!!
Anyway, put all your ACLs at the beginning, or in any case before using them with http_access directives.

Regards

:))

bathory 05-25-2012 08:40 AM

Better stop smilies and write something useful, if you really need help.
Try the following and let us know how it goes
Code:

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

# These are the lines that I add for the LDAP authentication:
auth_param basic program /usr/lib/squid/ldap_auth -b "ou=groups,dc=example,dc=com" -f "uid=%s" -h 127.0.0.1 -d -v 3

auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 1 minute

acl ldap-auth proxy_auth REQUIRED

http_access allow ldap-auth
http_access allow localhost
http_access deny all

##### The rest as is #####
http_port 3128 transparent
access_log /var/log/squid/access.log squid
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
acl yahoo dstdomain fr.yahoo.com
http_access deny yahoo
http_access allow all
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid
url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
url_rewrite_children 5
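
Squid evaluates http_access lines top to bottom and stops at the first match, and an ACL name must be defined before an http_access line refers to it, which is what the advice in this thread comes down to. The following is an added example, not code from any poster or from the Squid project: a small Python check (the function name lint_squid_conf and its builtin parameter are hypothetical) run over two constructed configs abbreviated from the ones posted above. It goes one step beyond the thread by also flagging http_access lines placed after an unconditional "allow all" or "deny all", which can never match.

```python
def lint_squid_conf(text, builtin=()):
    """Return [(line_no, message)] for ordering/auth mistakes in a squid.conf string."""
    defined, findings = set(builtin), []   # builtin: ACL names your Squid predefines
    has_helper, auth_acl_line, terminal = False, None, None
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()          # drop comments, tokenize
        if not tok:
            continue
        if tok[:3] == ["auth_param", "basic", "program"] and len(tok) > 3:
            has_helper = True
        elif tok[0] == "acl" and len(tok) >= 3:
            defined.add(tok[1])
            if tok[2] == "proxy_auth" and auth_acl_line is None:
                auth_acl_line = no
        elif tok[0] == "http_access" and len(tok) >= 3:
            if terminal:                            # first match wins, so this is dead
                findings.append((no, f"unreachable after line {terminal}"))
            for name in (t.lstrip("!") for t in tok[2:]):
                if name not in defined:
                    findings.append((no, f"ACL '{name}' used before it is defined"))
            if tok[2:] == ["all"] and not terminal:
                terminal = no                       # allow/deny all matches everything
    if auth_acl_line and not has_helper:
        findings.append((auth_acl_line, "proxy_auth ACL without 'auth_param basic program'"))
    return findings

# Constructed samples, abbreviated from the configs posted in this thread.
HELPER = '/usr/lib/squid/ldap_auth -b "ou=groups,dc=example,dc=com" -f "uid=%s" -h 127.0.0.1 -d -v 3'
BROKEN = f"""{HELPER}
acl ldap-auth proxy_auth REQUIRED
http_access allow ldap-auth
http_access allow localhost
http_access deny all
acl all src all
acl localhost src 127.0.0.1/32
"""
FIXED = f"""acl all src all
acl localhost src 127.0.0.1/32
auth_param basic program {HELPER}
acl ldap-auth proxy_auth REQUIRED
http_access allow ldap-auth
http_access allow localhost
http_access deny all
acl yahoo dstdomain fr.yahoo.com
http_access deny yahoo
http_access allow all
"""
if __name__ == "__main__":
    print(lint_squid_conf(BROKEN), lint_squid_conf(FIXED), sep="\n")
```

On the second sample the check reports the "http_access deny yahoo" and "http_access allow all" lines as unreachable: because "http_access deny all" comes first, the trailing "allow all" never opens the proxy, but the yahoo block is also never consulted.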


bachawiss 05-25-2012 10:10 AM

Thanks, it works perfectly.


All times are GMT -5.