Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Redhat, Fedora, Open BSD, FreeBSD, SlackWare
Posts: 115
Rep:
squid ncsa auth not working
hi all Gurus,
i am stuck on this problem, and unable to find the solution. I want to use squid Proxy to ask username password to user for internet usage and if username password not correct squid stops user access.
I use following installation commands and configuration but still squid not asking for username password, and I can use Internet browsing by defining proxy in my client proxy.
I use following installataion commands one by one but non of them works, and configure squid to use ncsa_auth.
./configure --enable-delay-pools --enable-linux-netfilter --enable-arp-acl --disable-ident-lookups --enable-snmp --enable-removal-policies
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
No error received in access.log or /var/logs/messages files, nor on client screen, client still using internet browsing without asking username password by squid,
Plz help me,
Last edited by netguy2000; 01-20-2011 at 11:25 PM.
Keep in mind that authentication for squid works only when browsers are configured to connect to proxy on the specified port explicitly. Transparent proxying will not allow authentication mechanism. I tested NCSA authentication and it works perfectly if you have gone through the steps well. Also check the cache.out file.
Sorry. That was a typo. Its not cache.out but cache.log.
And can you post your http_access area? What are the configurations there. Have you configured squid and told it to use proxy authentication for internet access by creating an acl like
Start off from the basics.
Comment all the http_access lines. And now use only those for the login purpose. Then see if it is working.
Also check if your squid is accepting the requests properly and that the browsers are connecting to squid and are not bypassing it.
Check for the log files. My authentication mechanism is working fine with the set up. Check for the errors in the log files.
I find the access control lists fine. I am unable to understand what are the errors. I would like to know the errors from the log file if there are any and what are the client side configurations.
Distribution: Red hat, Solaris, AIX, HP-UX, FreeBSD
Posts: 15
Rep:
Hi
what about permissions ?
/usr/local/squid/libexec/ncsa_auth is executable ? does squid user have access ?
/usr/local/squid/etc/passwd does squid user have access ?
What is access.log saying ? does your clients reach squid ?
what about cache.log ? does it show some errors ?
Distribution: Redhat, Fedora, Open BSD, FreeBSD, SlackWare
Posts: 115
Original Poster
Rep:
dear Guru can you tell me what I have to add in my ./configure line or make & make install in helpers/basic_auth/NCSA/ directory before installing tarball or after installation of tarball???? to enable NCSA Authentication.
auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
NOW its time to configure your "passwd" file to save username password.
# htpasswd /usr/local/squid/etc/passwd user1
Output:
New password:
Re-type new password:
Adding password for user user1
Make sure squid can read passwd file:
# chmod o+r /usr/local/squid/etc/passwd
ALL DONE now YOU HAVE TO TEST YOU SQUID.CONF FILE.
/usr/local/squid/sbin/squid -k check
IF NO ERROR THEN YOU ARE HAPPY.
LETS START YOUR SQUID AND TEST.
/usr/local/squid/sbin/squid -z (to create cache sub-directories and files)
/usr/local/squid/sbin/squid (to start squid)
NOW GO TO YOUR CLIENT PC AND SET PROXY SETTING IN INTERNET EXPLORER AND TRY TO BROWSE.
WHEN I DO THIS , PROXY ASK ME USERNAME AND PASSWORD AND AFTER INPUT THIS I CAN ACCESS INTERNET.
HURRY
THANKS AGAIN TO ALL OF YOU WHO HELP ME.
I dont know why you needed to compile squid manually for that. Squid on CentOS comes with basic auth helpers pre compiled. But thanks for the step by step procedure. That should help someone coming for the same issue.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.