LinuxQuestions.org
Old 01-20-2011, 11:23 PM   #1
netguy2000
Member
 
Registered: Oct 2003
Location: Karachi, PAKISTAN
Distribution: Redhat, Fedora, Open BSD, FreeBSD, SlackWare
Posts: 115

Rep: Reputation: 15
Question squid ncsa auth not working


Hi all gurus,
I am stuck on this problem and unable to find the solution. I want to use the Squid proxy to ask the user for a username and password for internet usage, and if the username or password is not correct, Squid stops the user's access.
I used the following installation commands and configuration, but Squid is still not asking for a username and password, and I can browse the Internet by defining the proxy in my client.

I used the following installation commands one by one, but none of them works, and configured Squid to use ncsa_auth.
./configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies

then I use

./configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies --enable-basic-auth-helpers

then I use

./configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies --enable-basic-auth-helpers=NCSA

with following squid.conf configuration one by one.

htpasswd /usr/local/squid/etc/passwd testuser
New password:
Re-type new password:

chmod o+r /usr/local/squid/etc/passwd

locate ncsa_auth
(then I found ncsa_auth in)

/download/squid-3.0.STABLE25/helpers/basic_auth/NCSA/ncsa_auth.8
/download/squid-3.0.STABLE25/helpers/basic_auth/NCSA/ncsa_auth.c
/download/squid-3.0.STABLE25/helpers/basic_auth/NCSA/.deps/ncsa_auth.Po
/usr/local/squid/libexec/ncsa_auth
/usr/local/squid/share/man/man8/ncsa_auth.8

So I use following options.

auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

No error is received in access.log or the /var/logs/messages files, nor on the client screen; the client is still browsing the internet without Squid asking for a username and password.
Please help me,

Last edited by netguy2000; 01-20-2011 at 11:25 PM.
 
Old 01-20-2011, 11:36 PM   #2
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
Keep in mind that authentication for squid works only when browsers are configured to connect to the proxy on the specified port explicitly. Transparent proxying will not allow the authentication mechanism. I tested NCSA authentication and it works perfectly if you have gone through the steps well. Also check the cache.out file.
 
Old 01-21-2011, 12:37 AM   #3
netguy2000
Member
 
Registered: Oct 2003
Location: Karachi, PAKISTAN
Distribution: Redhat, Fedora, Open BSD, FreeBSD, SlackWare
Posts: 115

Original Poster
Rep: Reputation: 15
I tried to find the cache.out file:
locate cache.out
but there is no file by this name on my Linux.

Also, I am not using a transparent proxy; I manually put the proxy IP and port in the client PC browser.

Help required.
 
Old 01-21-2011, 01:36 AM   #4
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
Sorry. That was a typo. It's not cache.out but cache.log.
And can you post your http_access area? What are the configurations there? Have you configured squid and told it to use proxy authentication for internet access by creating an acl like

Code:
acl access proxy_auth REQUIRED

.
.
.

http_access allow access
http_access deny all
 
Old 01-21-2011, 01:48 AM   #5
netguy2000
Member
 
Registered: Oct 2003
Location: Karachi, PAKISTAN
Distribution: Redhat, Fedora, Open BSD, FreeBSD, SlackWare
Posts: 115

Original Poster
Rep: Reputation: 15
The following are my acl and http_access lines:

acl users src 192.168.0.0/22

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl ncsausers proxy_auth REQUIRED



http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow ncsausers
http_access deny all

Nothing in http_reply_access and icp_access (these options are at their defaults).

Rizwan.
 
Old 01-24-2011, 12:51 AM   #6
netguy2000
Member
 
Registered: Oct 2003
Location: Karachi, PAKISTAN
Distribution: Redhat, Fedora, Open BSD, FreeBSD, SlackWare
Posts: 115

Original Poster
Rep: Reputation: 15
Anyone else?
Please help me.
 
Old 01-24-2011, 01:40 AM   #7
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
Start off from the basics.
Comment all the http_access lines. And now use only those for the login purpose. Then see if it is working.
Also check if your squid is accepting the requests properly and that the browsers are connecting to squid and are not bypassing it.
Check for the log files. My authentication mechanism is working fine with the set up. Check for the errors in the log files.
 
Old 01-25-2011, 02:51 AM   #8
josmcc
LQ Newbie
 
Registered: Jun 2009
Posts: 4

Rep: Reputation: 0
I think you need to specify the ACLs a little differently:

acl users src 192.168.0.0/22
acl ncsausers proxy_auth
acl proxy_auth REQUIRED



http_access allow ncsausers
http_access allow users #(acl for your src network)
http_access deny all



or this way:

acl users src 192.168.0.0/22
acl ncsausers proxy_auth REQUIRED


http_access allow all ncsausers
http_access allow users #(acl for your src network)
http_access deny all

Last edited by josmcc; 01-25-2011 at 03:10 AM.
 
Old 01-25-2011, 03:54 AM   #9
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
I find the access control lists fine. I am unable to understand what are the errors. I would like to know the errors from the log file if there are any and what are the client side configurations.
 
Old 01-28-2011, 04:38 AM   #10
netguy2000
Member
 
Registered: Oct 2003
Location: Karachi, PAKISTAN
Distribution: Redhat, Fedora, Open BSD, FreeBSD, SlackWare
Posts: 115

Original Poster
Rep: Reputation: 15
Can you please tell me the exact Squid version you are using?
I am using Squid3-0-Stable25
 
Old 01-28-2011, 05:24 AM   #11
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
This is the version of squid I am using
Code:
Version 2.6.STABLE21
 
Old 02-04-2011, 08:03 AM   #12
damade
LQ Newbie
 
Registered: Feb 2011
Distribution: Red hat, Solaris, AIX, HP-UX, FreeBSD
Posts: 15

Rep: Reputation: 2
Hi,
What about permissions?
Is /usr/local/squid/libexec/ncsa_auth executable? Does the squid user have access?
/usr/local/squid/etc/passwd: does the squid user have access?

What is access.log saying? Do your clients reach squid?
What about cache.log? Does it show any errors?

damade
 
Old 04-21-2011, 12:42 AM   #13
netguy2000
Member
 
Registered: Oct 2003
Location: Karachi, PAKISTAN
Distribution: Redhat, Fedora, Open BSD, FreeBSD, SlackWare
Posts: 115

Original Poster
Rep: Reputation: 15
dear Guru can you tell me what I have to add in my ./configure line or make & make install in helpers/basic_auth/NCSA/ directory before installing tarball or after installation of tarball???? to enable NCSA Authentication.
 
Old 04-22-2011, 03:18 AM   #14
netguy2000
Member
 
Registered: Oct 2003
Location: Karachi, PAKISTAN
Distribution: Redhat, Fedora, Open BSD, FreeBSD, SlackWare
Posts: 115

Original Poster
Rep: Reputation: 15
Problem solved. Thanks to all of you who helped me with this issue.
The solution is (step by step, what I did):

mkdir /download
cd /download

1- download squid-3.0.STABLE25.tar.gz
2- tar -zxvf squid-3.0.STABLE25.tar.gz
3- cd squid-3.0.STABLE25
4- ./configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies --enable-basic-auth-helpers

5- make
6- cd /download/squid-3.0.STABLE25/helpers/basic_auth/NCSA/
7- make
8- make install
9- cd /download/squid-3.0.STABLE25
10- make install

Cheer up, your ncsa auth is configured and the ncsa_auth file is located in the /usr/local/squid/libexec directory.

Now you have to configure your squid.conf file to work with ncsa auth (to ask for a username and password).

Here is my squid.conf file:

acl users src 192.168.0.0/22
acl ncsausers proxy_auth REQUIRED

http_access allow all ncsausers
http_access allow users #(acl for your src network)
http_access deny all

http_port 8080

hierarchy_stoplist cgi-bin ?

cache_mem 8 MB

maximum_object_size_in_memory 8 KB

memory_replacement_policy lru

cache_replacement_policy lru

cache_dir ufs /usr/local/squid/var/cache 500 16 256

minimum_object_size 0 KB

maximum_object_size 50096 KB

access_log /usr/local/squid/var/logs/access.log squid

cache_log /usr/local/squid/var/logs/cache.log

cache_store_log /usr/local/squid/var/logs/store.log

logfile_rotate 3

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

cache_effective_user nobody

cache_effective_group nobody

auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off


NOW it's time to configure your "passwd" file to save the username and password.


# htpasswd /usr/local/squid/etc/passwd user1
Output:
New password:
Re-type new password:
Adding password for user user1

Make sure squid can read the passwd file:
# chmod o+r /usr/local/squid/etc/passwd


ALL DONE. NOW YOU HAVE TO TEST YOUR SQUID.CONF FILE.
/usr/local/squid/sbin/squid -k check

IF NO ERROR THEN YOU ARE HAPPY.
LET'S START YOUR SQUID AND TEST.
/usr/local/squid/sbin/squid -z (to create cache sub-directories and files)
/usr/local/squid/sbin/squid (to start squid)

NOW GO TO YOUR CLIENT PC AND SET THE PROXY SETTING IN INTERNET EXPLORER AND TRY TO BROWSE.
WHEN I DO THIS, THE PROXY ASKS ME FOR A USERNAME AND PASSWORD, AND AFTER ENTERING THEM I CAN ACCESS THE INTERNET.
HURRAY
THANKS AGAIN TO ALL OF YOU WHO HELPED ME.
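
Added example (not part of the original posts, and not Squid's own tooling): the checks asked about in post #12 and the helper set up in post #14 can be exercised by hand before starting Squid, because a basic-auth helper reads "username password" lines on stdin and answers OK or ERR. The function names below are made up for this illustration; the helper and passwd paths are passed in as arguments.

```shell
#!/bin/sh
# Added example: pre-flight checks for a Squid basic-auth helper such as ncsa_auth.
# Function names are illustrative; helper and passwd paths are passed as arguments.

# check_helper_files HELPER PASSWD
# 0 = helper is an executable file and passwd is readable by the current account
# 1 = helper missing or not executable, 2 = passwd file missing or unreadable
check_helper_files() {
    if [ ! -f "$1" ] || [ ! -x "$1" ]; then
        echo "helper missing or not executable: $1"; return 1
    fi
    if [ ! -r "$2" ]; then
        echo "passwd file missing or unreadable: $2"; return 2
    fi
    return 0
}

# ask_helper HELPER PASSWD USER PASS
# Basic-auth helpers read "username password" lines on stdin and answer each
# with a line starting OK or ERR. Prints OK, ERR, or NO-REPLY.
# Squid URL-encodes both fields, so values containing spaces need %20 here.
ask_helper() {
    reply=$(printf '%s %s\n' "$3" "$4" | "$1" "$2" 2>/dev/null | head -n 1)
    case $reply in
        OK*)  echo OK ;;
        ERR*) echo ERR ;;
        *)    echo NO-REPLY ;;
    esac
}

# verify_helper HELPER PASSWD USER GOODPASS
# Passes only if the real password is accepted AND a deliberately wrong one is
# rejected, so a helper that answers OK to everything is reported as a failure.
verify_helper() {
    check_helper_files "$1" "$2" || return $?
    if [ "$(ask_helper "$1" "$2" "$3" "$4")" != OK ]; then
        echo "valid login was not accepted"; return 3
    fi
    if [ "$(ask_helper "$1" "$2" "$3" "$4.wrong")" != ERR ]; then
        echo "wrong password was not rejected"; return 4
    fi
    echo "helper accepts the valid login and rejects a wrong password"
}
```

Run verify_helper as the account named in cache_effective_user (nobody in the configuration above), with /usr/local/squid/libexec/ncsa_auth and /usr/local/squid/etc/passwd as the first two arguments, so the permission checks reflect what Squid itself will see.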
 
Old 04-23-2011, 02:00 AM   #15
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
I don't know why you needed to compile squid manually for that. Squid on CentOS comes with basic auth helpers pre-compiled. But thanks for the step by step procedure. That should help someone coming for the same issue.
 
  


All times are GMT -5. The time now is 12:23 AM.
