Re: [squid-users] squid authentication to remote sql server
On 15/02/2015 8:25 a.m., snakeeyes wrote: > Hi Amos , > > Shoudnt the user tested is the user that I gave him the grant ??? The 'user' who got a SQL "GRANT" is the software user whch is allowed to acccess the DB contents. That should only be Squid and/or your sysadmin who changes users records. The username records inside the DB is what login to Squid. > > I mean I gave grant for user/pwd ==>squid/squid > > Now how to test it ? > > Shoudnt I test with squid/squid ?? or test with user in db ??? > I mean I used : > /lib/squid/basic_db_auth These mean database to use and how to access it: > --dsn "DBI:mysql:database=squid:xx189.177" --user "squid" --password "squid" These mean where to find the end-users account data: > --table "squid" --usercol "user" --passwdcol "password" > > > Shoud I use : > > /lib/squid/basic_db_auth --dsn "DBI:mysql:database=squid:xx189.177" --user > "Nikesh" --password "test" --table "squid" --usercol "user" --passwdcol > "password" > > ?? No. > > Anyway I used both methods above and didn’t work and gave me error login > > Also I created another user with small letter and tried with same string > above and still error login. > > I logged locally to the mysql and applied the command : > /lib/squid/basic_db_auth --dsn "DBI:mysql:database=squid:xx189.177" --user > "squid" --password "squid" --table "squid" --usercol "user" --passwdcol > "password" > > > And still not working !!! > > In access.log ==> is says access denied > > > Wt do you think Amos ? > I think it works for me and my clients. Must be something in how you are testing it. > Try another squid verson ? or wt ? > > When I test it I get this: > ./basic_db_auth \ > --dsn ... \ > --user "squid" --password "..." \ > --table "accounts" --usercol "user" --passwdcol "passwd" \ > --cond "" --plaintext a b ERR unknown login c d ERR unknown login squid demo OK user password ERR unknown login amos test OK ERR unknown login ERR unknown login I run the lastest alpha / "pre-beta" Squid version so I know what people will be encountering. But the helper code has not changed much since 3.1. It should work the same in any version. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
Hi Amos , Shoudnt the user tested is the user that I gave him the grant ??? I mean I gave grant for user/pwd ==>squid/squid Now how to test it ? Shoudnt I test with squid/squid ?? or test with user in db ??? I mean I used : /lib/squid/basic_db_auth --dsn "DBI:mysql:database=squid:xx189.177" --user "squid" --password "squid" --table "squid" --usercol "user" --passwdcol "password" Shoud I use : /lib/squid/basic_db_auth --dsn "DBI:mysql:database=squid:xx189.177" --user "Nikesh" --password "test" --table "squid" --usercol "user" --passwdcol "password" ?? Anyway I used both methods above and didn’t work and gave me error login Also I created another user with small letter and tried with same string above and still error login. I logged locally to the mysql and applied the command : /lib/squid/basic_db_auth --dsn "DBI:mysql:database=squid:xx189.177" --user "squid" --password "squid" --table "squid" --usercol "user" --passwdcol "password" And still not working !!! In access.log ==> is says access denied Wt do you think Amos ? Try another squid verson ? or wt ? -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Friday, February 13, 2015 1:54 PM To: snakeeyes; squid-users@lists.squid-cache.org Subject: Re: [squid-users] squid authentication to remote sql server On 14/02/2015 5:35 p.m., snakeeyes wrote: > Hi Amos , can you chk below plz ? > > > mysql> select * from squid ; > ++--+-+---+-+ > | user | password | enabled | fullname | comment | > ++--+-+---+-+ > | Nikesh | test | 1 | Test User | for testing purpose | > ++--+-+---+-+ > 1 row in set (0.00 sec) > > > == > here is tesing from the remote squid machine using the helper : > /lib/squid/basic_db_auth --dsn "DBI:mysql:database=squid:xx189.177" --user > "squid" --password "squid" --table "squid" --usercol "user" --passwdcol > "password" > > ERR unknown login > ERR unknown login > ERR unknown login > The username tested for does not exist in the database. You dont show what input you typed, so I cannot be certain why the manual test gives that result. However looking at your access.log lines... > Agia I put the user/pwd in y browser with ni luck , each time it refuse my > connection . > > Here is access.log : > 1423799039.114 1072 192.168.1.6 TCP_DENIED/407 4197 CONNECT > developer.mozilla.org:443 nikesh HIER_NONE/- text/html This user has logged in with username "nikesh". The database contains "Nikesh" with an upper case 'N' character. Try with typing the same case, and if that dont work with lower case username in the database. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
On 14/02/2015 5:35 p.m., snakeeyes wrote: > Hi Amos , can you chk below plz ? > > > mysql> select * from squid ; > ++--+-+---+-+ > | user | password | enabled | fullname | comment | > ++--+-+---+-+ > | Nikesh | test | 1 | Test User | for testing purpose | > ++--+-+---+-+ > 1 row in set (0.00 sec) > > > == > here is tesing from the remote squid machine using the helper : > /lib/squid/basic_db_auth --dsn "DBI:mysql:database=squid:xx189.177" --user > "squid" --password "squid" --table "squid" --usercol "user" --passwdcol > "password" > > ERR unknown login > ERR unknown login > ERR unknown login > The username tested for does not exist in the database. You dont show what input you typed, so I cannot be certain why the manual test gives that result. However looking at your access.log lines... > Agia I put the user/pwd in y browser with ni luck , each time it refuse my > connection . > > Here is access.log : > 1423799039.114 1072 192.168.1.6 TCP_DENIED/407 4197 CONNECT > developer.mozilla.org:443 nikesh HIER_NONE/- text/html This user has logged in with username "nikesh". The database contains "Nikesh" with an upper case 'N' character. Try with typing the same case, and if that dont work with lower case username in the database. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
(322) schedule: schedule: Adding 'logfileFlush', in 1.00 seconds 2015/02/12 22:46:16.301 kid1| AsyncCallQueue.cc(57) fireNext: leaving logfileFlush(0x282a1e8*?) 2015/02/12 22:46:16.301 kid1| AsyncCall.cc(26) AsyncCall: The AsyncCall MaintainSwapSpace constructed, this=0x2834ec0 [call156] 2015/02/12 22:46:16.301 kid1| AsyncCall.cc(93) ScheduleCall: event.cc(237) will call MaintainSwapSpace() [call156] 2015/02/12 22:46:16.301 kid1| AsyncCallQueue.cc(55) fireNext: entering MaintainSwapSpace() 2015/02/12 22:46:16.301 kid1| AsyncCall.cc(38) make: make call MaintainSwapSpace [call156] 2015/02/12 22:46:16.302 kid1| event.cc(322) schedule: schedule: Adding 'MaintainSwapSpace', in 1.00 seconds 2015/02/12 22:46:16.302 kid1| AsyncCallQueue.cc(57) fireNext: leaving MaintainSwapSpace() Agia I put the user/pwd in y browser with ni luck , each time it refuse my connection . Here is access.log : 1423799039.114 1072 192.168.1.6 TCP_DENIED/407 4197 CONNECT developer.mozilla.org:443 nikesh HIER_NONE/- text/html 1423799152.251117 192.168.1.6 TCP_DENIED/407 4097 GET http://yahoo.com/ - HIER_NONE/- text/html 1423799173.404 1143 192.168.1.6 TCP_DENIED/407 4200 GET http://yahoo.com/ nikesh HIER_NONE/- text/html 1423799270.459 1556 192.168.1.6 TCP_DENIED/407 4194 GET http://yahoo.com/ nikesh HIER_NONE/- text/html Any help ?? Should shoud I try more ? -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Tuesday, February 10, 2015 1:58 PM To: snakeeyes; squid-users@lists.squid-cache.org Subject: Re: [squid-users] squid authentication to remote sql server On 11/02/2015 8:40 p.m., snakeeyes wrote: > Hi amos > I hadded squi/squid in the table > > mysql> show tables > -> ; > +-+ > | Tables_in_squid | > +-+ > | passwd | > +-+ > 1 row in set (0.00 sec) > > mysql> select * from passwd; > ++--+-+---+-+ > | user | password | enabled | fullname | comment | > ++--+-+---+-+ > | Nikesh | test | 1 | Test User | for testing purpose | > | squid | squid| 1 | Test User | for testing purpose | > ++--+-+---+-+ > 2 rows in set (0.00 sec) > > mysql> > > > > still has same error ? > > > > how can u help me ? > login with md5 or wt ?? > Try renaming the "password" column. - rename it in the DB, change the squid.conf helper parameter, then reload squid config. Perhapse show us what you are entering on the command line test for username and password? Perhapse try using the --debug option? to get the helper to record in cache log (or on screen for the manul tests). Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
On 11/02/2015 8:40 p.m., snakeeyes wrote: > Hi amos > I hadded squi/squid in the table > > mysql> show tables > -> ; > +-+ > | Tables_in_squid | > +-+ > | passwd | > +-+ > 1 row in set (0.00 sec) > > mysql> select * from passwd; > ++--+-+---+-+ > | user | password | enabled | fullname | comment | > ++--+-+---+-+ > | Nikesh | test | 1 | Test User | for testing purpose | > | squid | squid| 1 | Test User | for testing purpose | > ++--+-+---+-+ > 2 rows in set (0.00 sec) > > mysql> > > > > still has same error ? > > > > how can u help me ? > login with md5 or wt ?? > Try renaming the "password" column. - rename it in the DB, change the squid.conf helper parameter, then reload squid config. Perhapse show us what you are entering on the command line test for username and password? Perhapse try using the --debug option? to get the helper to record in cache log (or on screen for the manul tests). Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 (facepalm) 11.02.15 13:40, snakeeyes пишет: > Hi amos I hadded squi/squid in the table > > mysql> show tables -> ; +-+ | Tables_in_squid | > +-+ | passwd | +-+ 1 row > in set (0.00 sec) > > mysql> select * from passwd; > ++--+-+---+-+ | > user | password | enabled | fullname | comment | > ++--+-+---+-+ | > Nikesh | test | 1 | Test User | for testing purpose | | > squid | squid| 1 | Test User | for testing purpose | > ++--+-+---+-+ 2 > rows in set (0.00 sec) > > mysql> > > > > still has same error ? > > > > how can u help me ? login with md5 or wt ?? Of course, no. > > > -Original Message- From: Amos Jeffries > [mailto:squ...@treenet.co.nz] Sent: Tuesday, February 10, 2015 1:29 > PM To: Ahmad; squid-users@lists.squid-cache.org Subject: Re: > [squid-users] squid authentication to remote sql server > > On 11/02/2015 8:17 p.m., Ahmad wrote: >> Thank you amos , I fixed the table thing , but I have new error >> now : >> >> /lib/squid/basic_db_auth --dsn >> "DBI:mysql:host=x.xx..189.177;port=3306;database=squid" --user >> "squid" --password "squid" --table "passwd" --usercol "user" >> --passwdcol "password" --cond "" --plaintext >> >> ERR unknown login ERR unknown login ERR unknown login ERR unknown >> login ERR unknown login >> >> >> Wt do u think ?? Mysql issue ? > > Input issue. Thats a user:password combination being presented that > does not exist in the table. > > Though it might be mysql interpreting the "password" in queries as > the built-in password() function. I renamed that column to "token" > in my auth DB. > > And like Yuri pointed out a DB of passwords in clear-text is not > the greatest of security. At minimum use salted MD5 for the final > setup. > > Amos > > ___ squid-users mailing > list squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBAgAGBQJU2nx0AAoJENNXIZxhPexGt0cH/3JsKrG62EZryBe6fAjtxxXW mJ505t31637yV5ajjn52jN+drwj+Xm+BvW/I9zaM9Xj3apf8cw6V0wM/JTNjdsr3 VFt+QHH8ZOIy+TpMbriEcl0VIxG1F9TRi7WR/O6DbLe3uyhKbj4pdsgYTs/aho8i uzwWMDnnejWrN0ekT4YuC5ewTwild6rmJUxbwxWlHOLAsPut1ZqWPp0/3UPgElDJ B/8pUIUq05BAaoK2TQwHsobyYUltVyLUK2DFgzd3uGf2Kkpfp1Z1MGrG8tkQKKcj FBSwWijRot4Or//EgQWx9qMaq78XHJHCkPwJCJ7qWPHcOxR337m1dTfxdD5y0b8= =bc1A -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Amos, MD5 insufficient. As minimum, SHA256 with salt. New Oracle RDBMS use SHA to store user's password. And don't forget about SQL Injection and password cracking farms.. 11.02.15 3:28, Amos Jeffries пишет: > On 11/02/2015 8:17 p.m., Ahmad wrote: >> Thank you amos , I fixed the table thing , but I have new error >> now : >> >> /lib/squid/basic_db_auth --dsn >> "DBI:mysql:host=x.xx..189.177;port=3306;database=squid" --user >> "squid" --password "squid" --table "passwd" --usercol "user" >> --passwdcol "password" --cond "" --plaintext >> >> ERR unknown login ERR unknown login ERR unknown login ERR unknown >> login ERR unknown login >> >> >> Wt do u think ?? Mysql issue ? > > Input issue. Thats a user:password combination being presented that > does not exist in the table. > > Though it might be mysql interpreting the "password" in queries as > the built-in password() function. I renamed that column to "token" > in my auth DB. > > And like Yuri pointed out a DB of passwords in clear-text is not > the greatest of security. At minimum use salted MD5 for the final > setup. > > Amos ___ squid-users > mailing list squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBAgAGBQJU2nwxAAoJENNXIZxhPexGR84H/0A1ZldvWUbknbLPggemiXI7 fGF4B06K1IlgpVcXFZuyrCl9YQWdQfCv2PYbh5bVJuHzao4D146dmom7Ppvh0H4r lcZEHb8ahr69Mzn43iozx5g8uuWJtoLRv3MFg73yR209H08XClJo7cnBYIj/Ije5 CftttAz0c+kxnR2GkyOU2Rp3xkwK1RQdre8BeRSPRYrFww11jqv35QY4O0M2VCQg L5Ljx2s+rBto1Bg79VvV5syyEo3aOMIOXS8nUFqFYboVR4LFrakFk6mKVOI7klvH t+4x/oUG3ZGlMdSbxKEn1w2mP1dpWnrN1d2lKCkQPv2qVmm6gInNPzXr2PAoNAI= =gzYx -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
Hi amos I hadded squi/squid in the table mysql> show tables -> ; +-+ | Tables_in_squid | +-+ | passwd | +-+ 1 row in set (0.00 sec) mysql> select * from passwd; ++--+-+---+-+ | user | password | enabled | fullname | comment | ++--+-+---+-+ | Nikesh | test | 1 | Test User | for testing purpose | | squid | squid| 1 | Test User | for testing purpose | ++--+-+---+-+ 2 rows in set (0.00 sec) mysql> still has same error ? how can u help me ? login with md5 or wt ?? -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Tuesday, February 10, 2015 1:29 PM To: Ahmad; squid-users@lists.squid-cache.org Subject: Re: [squid-users] squid authentication to remote sql server On 11/02/2015 8:17 p.m., Ahmad wrote: > Thank you amos , I fixed the table thing , but I have new error now : > > /lib/squid/basic_db_auth --dsn > "DBI:mysql:host=x.xx..189.177;port=3306;database=squid" --user "squid" > --password "squid" --table "passwd" --usercol "user" --passwdcol > "password" --cond "" --plaintext > > ERR unknown login > ERR unknown login > ERR unknown login > ERR unknown login > ERR unknown login > > > Wt do u think ?? > Mysql issue ? Input issue. Thats a user:password combination being presented that does not exist in the table. Though it might be mysql interpreting the "password" in queries as the built-in password() function. I renamed that column to "token" in my auth DB. And like Yuri pointed out a DB of passwords in clear-text is not the greatest of security. At minimum use salted MD5 for the final setup. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
On 11/02/2015 8:17 p.m., Ahmad wrote: > Thank you amos , I fixed the table thing , but I have new error now : > > /lib/squid/basic_db_auth --dsn > "DBI:mysql:host=x.xx..189.177;port=3306;database=squid" --user "squid" > --password "squid" --table "passwd" --usercol "user" --passwdcol "password" > --cond "" --plaintext > > ERR unknown login > ERR unknown login > ERR unknown login > ERR unknown login > ERR unknown login > > > Wt do u think ?? > Mysql issue ? Input issue. Thats a user:password combination being presented that does not exist in the table. Though it might be mysql interpreting the "password" in queries as the built-in password() function. I renamed that column to "token" in my auth DB. And like Yuri pointed out a DB of passwords in clear-text is not the greatest of security. At minimum use salted MD5 for the final setup. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
Thank you amos , I fixed the table thing , but I have new error now : /lib/squid/basic_db_auth --dsn "DBI:mysql:host=x.xx..189.177;port=3306;database=squid" --user "squid" --password "squid" --table "passwd" --usercol "user" --passwdcol "password" --cond "" --plaintext ERR unknown login ERR unknown login ERR unknown login ERR unknown login ERR unknown login Wt do u think ?? Mysql issue ? -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Tuesday, February 10, 2015 12:42 PM To: Ahmad; squid-users@lists.squid-cache.org Subject: Re: [squid-users] squid authentication to remote sql server Replying again because I missed the --table parameter value earlier. On 11/02/2015 7:24 p.m., Ahmad wrote: > Thank you amos , but I have an issue with connection : > mysql> select * from passwd; ===> notice the TABLE NAME. > ++--+-+---+-+ > | user | password | enabled | fullname | comment | > ++--+-+---+-+ > | Nikesh | test | 1 | Test User | for testing purpose | > ++--+-+---+-+ > 1 row in set (0.00 sec) > > > now on the squid box , I do the conection below : > > here is the connection from remote squid: > /lib/squid/basic_db_auth --dsn > "DBI:mysql:database=squid:host=x.x189.177" \ blah. blah about semi-colons from both of my earlier posts.. > --user "squid" --password "squid" --table "user" ==> notice the TABLE NAME > --usercol "user" --passwdcol "password" > --cond "" --plaintext > You have an "enabled" column in the table for disabling peoples accounts. The default --cond is fine. > > DBD::mysql::st execute failed: Table 'squid.user' doesn't exist at > /lib/squid/basic_db_auth line 215, <> line 1. > DBD::mysql::st execute failed: MySQL server has gone away at > /lib/squid/basic_db_auth line 218, <> line 1. > ERR database error Because TABLE NAME. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 As I think, this is around DB. Not squid. :) Just misconfiguration. 11.02.15 2:44, Amos Jeffries пишет: > On 11/02/2015 9:35 a.m., Yuri Voinov wrote: >> Wow, it just cannot connect with DB?! > > > Maybe, maybe not, maybe its connecting to the localhost instead of > remote (he had a localhost test earlier). I just spotted table > names were different too. > > Amos ___ squid-users > mailing list squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBAgAGBQJU2m7nAAoJENNXIZxhPexGO24H/2IxYwtls5RZOSD6wYEqPPNQ 2xeGrmLZeyc9L9G+wIgYUgjvwmQzR+GerGiDA36lTNiRntZWlTVjyvGcAjwf/PsH 9p3N8X0UeJoA1lDSUfGpKeEDLOWCtVXWJ9wxK+a+wMyB3TGWS/GB6DZ+4DwYamT9 V8P78Ud7o4p2O1L3A1TIaY/GezG+te2qxydLYzlCeX41yDx54AVeBnyg/Eh4qd5i 8QZCZoLpKOZ67w8L43EjS0syBx5g70oHx3lDhafB7C9ZNV01u/Cds66TpuclqBug tpa5MIIBOjSwLZV5RIQMfdaMjmKEbusqSrTe+IPi7/ymlfWhVzQRFhKoghA6DQA= =2kOM -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/02/2015 9:35 a.m., Yuri Voinov wrote: > Wow, it just cannot connect with DB?! > Maybe, maybe not, maybe its connecting to the localhost instead of remote (he had a localhost test earlier). I just spotted table names were different too. Amos -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJU2m2QAAoJELJo5wb/XPRjsCcH/2wibaD27jyliAcZZAu5o0jF f1rfT57rg7J4GaBOhbhTJPm1JYJKkra+bD4OTjOo3lPyZxqi5hq1hxjmOn0UEoe9 HIgaTJxyCuvoyWUsROEVKsw9ReAJoUqpLCMAuTyJkvV0w1tIwyCWovjbGsgsMc/K xYELuTg/60yAlF4+xHdIZiuSOOhqgrEfAsSIIMdT/RfB+2hjjfyBZmIx6irqTfpg w5O9iGpOhuFg/A1wD8EUsIHp1bre+t7YC2FWbwHcU0V+ba90mZMAZAOMHoMzi1rm RpZx3enB1eTXOY9uQjcBZH+5JTSDMo7KI9rx+0cnk7IQENqouGB4jH6qca6ahKc= =YjS+ -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Heh. Pure SQL database is VERY bad idea to store any security credentials or ACL's. They too easy to hack. 11.02.15 2:32, Amos Jeffries пишет: > On 11/02/2015 7:24 p.m., Ahmad wrote: >> Thank you amos , but I have an issue with connection : Here is my >> mysql info : grant select on squid.* to 'squid'@'%' >> identified by 'squid'; = mysql> show >> databases; ++ | Database | >> ++ | information_schema | | mysql >> | | squid | ++ 3 rows in set >> (0.00 sec) >> >> mysql> use squid Database changed mysql> ; ERROR: No query >> specified >> >> mysql> show tables; +-+ | Tables_in_squid | >> +-+ | passwd | +-+ 1 row >> in set (0.00 sec) >> >> mysql> select from * passwd; ERROR 1064 (42000): You have an >> error in your SQL syntax; check the manual that corresponds to >> your MySQL server version for the right syntax to use near 'from >> * passwd' at line 1 mysql> select * from passwd; >> ++--+-+---+-+ >> >> | user | password | enabled | fullname | comment | >> ++--+-+---+-+ >> >> | Nikesh | test | 1 | Test User | for testing purpose | >> ++--+-+---+-+ >> >> 1 row in set (0.00 sec) >> > > >> mysql> === >> >> now on the squid box , I do the conection below : >> >> here is the connection from remote squid: >> /lib/squid/basic_db_auth --dsn >> "DBI:mysql:database=squid:host=x.x189.177" > > No *semi-colons* in the driver parameters bit. > > --dsn "DBI:mysql:host=x.x189.177;port=3306;database=squid" > > > NP: I also like to order them by significance just in case they > are processed in-order. > > Amos ___ squid-users > mailing list squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBAgAGBQJU2m16AAoJENNXIZxhPexGIr8IALMxa6Gfh9qGLtE+LPLOozfb YB5U/+QvNMV9/BD4wYD9B9/jTi9DGXOp7QvkG+OM3xB6etR1hOA0/Ppt1OOWY8co Mc4QZhWNHXP+iLoajI6yIeXYQu6I8Hj3rYUbetf80M8j5TiIMivJjNpejGOJcJ76 6j0qwDbvfl/pV7q8qs+b4+gax7oqC8Zc5jHJM8uKwr8tknHfuGlqVTY7QPbYBX+G an2HlaIr/gSY6p3drPCsvY3faprp24o8xuXNEex56558mOAw8dV8R7/7NVfd2bIJ Mig+rYa4BPCEPu9Q8FELOwkiSaYl8c0LsQVvNyx7lptNNywcuj5IETxggflNHyY= =vMtZ -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
Replying again because I missed the --table parameter value earlier. On 11/02/2015 7:24 p.m., Ahmad wrote: > Thank you amos , but I have an issue with connection : > mysql> select * from passwd; ===> notice the TABLE NAME. > ++--+-+---+-+ > | user | password | enabled | fullname | comment | > ++--+-+---+-+ > | Nikesh | test | 1 | Test User | for testing purpose | > ++--+-+---+-+ > 1 row in set (0.00 sec) > > > now on the squid box , I do the conection below : > > here is the connection from remote squid: > /lib/squid/basic_db_auth --dsn "DBI:mysql:database=squid:host=x.x189.177" \ blah. blah about semi-colons from both of my earlier posts.. > --user "squid" --password "squid" --table "user" ==> notice the TABLE NAME > --usercol "user" --passwdcol "password" > --cond "" --plaintext > You have an "enabled" column in the table for disabling peoples accounts. The default --cond is fine. > > DBD::mysql::st execute failed: Table 'squid.user' doesn't exist at > /lib/squid/basic_db_auth line 215, <> line 1. > DBD::mysql::st execute failed: MySQL server has gone away at > /lib/squid/basic_db_auth line 218, <> line 1. > ERR database error Because TABLE NAME. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wow, it just cannot connect with DB?! 11.02.15 2:32, Amos Jeffries пишет: > On 11/02/2015 7:24 p.m., Ahmad wrote: >> Thank you amos , but I have an issue with connection : Here is my >> mysql info : grant select on squid.* to 'squid'@'%' >> identified by 'squid'; = mysql> show >> databases; ++ | Database | >> ++ | information_schema | | mysql >> | | squid | ++ 3 rows in set >> (0.00 sec) >> >> mysql> use squid Database changed mysql> ; ERROR: No query >> specified >> >> mysql> show tables; +-+ | Tables_in_squid | >> +-+ | passwd | +-+ 1 row >> in set (0.00 sec) >> >> mysql> select from * passwd; ERROR 1064 (42000): You have an >> error in your SQL syntax; check the manual that corresponds to >> your MySQL server version for the right syntax to use near 'from >> * passwd' at line 1 mysql> select * from passwd; >> ++--+-+---+-+ >> >> | user | password | enabled | fullname | comment | >> ++--+-+---+-+ >> >> | Nikesh | test | 1 | Test User | for testing purpose | >> ++--+-+---+-+ >> >> 1 row in set (0.00 sec) >> > > >> mysql> === >> >> now on the squid box , I do the conection below : >> >> here is the connection from remote squid: >> /lib/squid/basic_db_auth --dsn >> "DBI:mysql:database=squid:host=x.x189.177" > > No *semi-colons* in the driver parameters bit. > > --dsn "DBI:mysql:host=x.x189.177;port=3306;database=squid" > > > NP: I also like to order them by significance just in case they > are processed in-order. > > Amos ___ squid-users > mailing list squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBAgAGBQJU2muCAAoJENNXIZxhPexGwVUH/3GLWgF+hvm2EKIFI5FN/GI0 tPf7+GmRn+/5Aq3qVJxPUll363Q5jxw8eCRG17Z1W/oqsncjZW3VNYbBUwtCLazj 5MsRaMYkQdhmgLhkRCH2uTiOKfeen76BySrhYm6lb09A9be40JbMwhpVwBAyREdj Dx7u4LFdgUyEWPTOLXxZmZ+3vaO1egidxhf55+yUOXKyuUVFqlSc3bVRiIqUaPq8 qCxSwVDJrUcXB5UOLSttugftTh3zmm/HVg9JDC6G6N2CL6vm8jmCntIKvO5YcQrH eIcjbnSlFbuvOPe1kOMyP+zqgciCscGdv9XKVUySDILdrWEKs+aazJ9HSQVvBIY= =Hz+L -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
On 11/02/2015 7:24 p.m., Ahmad wrote: > Thank you amos , but I have an issue with connection : > Here is my mysql info : > > grant select on squid.* to 'squid'@'%' identified by 'squid'; > = > mysql> show databases; > ++ > | Database | > ++ > | information_schema | > | mysql | > | squid | > ++ > 3 rows in set (0.00 sec) > > mysql> use squid > Database changed > mysql> ; > ERROR: > No query specified > > mysql> show tables; > +-+ > | Tables_in_squid | > +-+ > | passwd | > +-+ > 1 row in set (0.00 sec) > > mysql> select from * passwd; > ERROR 1064 (42000): You have an error in your SQL syntax; check the manual > that corresponds to your MySQL server version for the right syntax to use > near 'from * passwd' at line 1 > mysql> select * from passwd; > ++--+-+---+-+ > | user | password | enabled | fullname | comment | > ++--+-+---+-+ > | Nikesh | test | 1 | Test User | for testing purpose | > ++--+-+---+-+ > 1 row in set (0.00 sec) > > mysql> > === > > now on the squid box , I do the conection below : > > here is the connection from remote squid: > /lib/squid/basic_db_auth --dsn "DBI:mysql:database=squid:host=x.x189.177" No *semi-colons* in the driver parameters bit. --dsn "DBI:mysql:host=x.x189.177;port=3306;database=squid" NP: I also like to order them by significance just in case they are processed in-order. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
'--enable-removal-policies=lru,heap' '--enable-delay-pools' > '--enable-cache-digests' '--enable-underscores' > '--enable-icap-client' '--enable-follow-x-forwarded-for' > '--enable-auth' > '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' > '--enable-ntlm-auth-helpers=smb_lm' > '--enable-digest-auth-helpers=ldap,password' > '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-esi' > '--disable-translation' '--with-logdir=/var/log/squid' > '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=131072' > '--with-large-files' '--with-default-user=squid' > '--enable-linux-netfilter' '--enable-ltdl-convenience' > '--enable-ssl' '--enable-ssl-crtd' '--enable-arp-acl' > 'CXXFLAGS=-DMAXTCPLISTENPORTS=2' '--with-openssl' > '--enable-snmp' [root@squid ~]# == > > Thanks again for help -Original Message- From: squid-users > [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of > Amos Jeffries Sent: Monday, February 9, 2015 4:15 PM To: > squid-users@lists.squid-cache.org Subject: Re: [squid-users] squid > authentication to remote sql server > > On 10/02/2015 5:01 p.m., Ahmad wrote: >> Hi , >> >> I followed the article in : >> >> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Mysql >> >> >> >> >> >> I need to connect squid to external sql server , what do I need >> to modify in the helper command ? >> >> >> >> I think that the command below : >> >> ""auth_param basic program /usr/local/squid/libexec/squid_db_auth >> --user someuser --password --plaintext --persist >> >> >> >> Shoud include the ip & port of the sql server . >> > > The Data Source Name (--dsn) parameter is the option string passed > to the Perl DBI module for locating the database to use. > > It takes the syntax: > > "DSN:" driver ":" params > > The params bit depends on what database driver (type) is. The > "mysql" driver uses semi-colon separated key=value pairs. > > So you can write something like: > > --dsn "DSN:mysql:host=example.com;port=3306;database=squid" > > > Amos ___ squid-users > mailing list squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > ___ squid-users mailing > list squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBAgAGBQJU2moZAAoJENNXIZxhPexGBNYH/2vArGMG2/iepXT3FV29ZqAK XsBd8Cn+FzssnlmGiwp6yfNurMJVxu1DlAtRC8HOvduoI4IwfF1E4L/cFhfFw+Zr uTyVwb1nzZ/yFrErjU2XEE0Va4pGtskAKWgSXnOSo1cJ9af+IltLtWZGbv1RO6yO 4mvCosjJX4TosFVO/bi4xIssqz+4+Yn249HXzey8DA/kiIkUF7TMi09ttwp6yW1w YxTu5MAy7gNNpbCwgBaosLl+1JpJt+r7/Omdv8ojNJ838TtR/iDDu6TAlf6PEVud /Y002/uo2QrOp7jfc9nkbhsBXXWKUzCCKKVf0wEgJLs6c/wDikSfgI+55AaZ3Fg= =cJ4m -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
-translation' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=131072' '--with-large-files' '--with-default-user=squid' '--enable-linux-netfilter' '--enable-ltdl-convenience' '--enable-ssl' '--enable-ssl-crtd' '--enable-arp-acl' 'CXXFLAGS=-DMAXTCPLISTENPORTS=2' '--with-openssl' '--enable-snmp' [root@squid ~]# == Thanks again for help -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Amos Jeffries Sent: Monday, February 9, 2015 4:15 PM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] squid authentication to remote sql server On 10/02/2015 5:01 p.m., Ahmad wrote: > Hi , > > I followed the article in : > > http://wiki.squid-cache.org/ConfigExamples/Authenticate/Mysql > > > > > > I need to connect squid to external sql server , what do I need to > modify in the helper command ? > > > > I think that the command below : > > ""auth_param basic program /usr/local/squid/libexec/squid_db_auth > --user someuser --password --plaintext --persist > > > > Shoud include the ip & port of the sql server . > The Data Source Name (--dsn) parameter is the option string passed to the Perl DBI module for locating the database to use. It takes the syntax: "DSN:" driver ":" params The params bit depends on what database driver (type) is. The "mysql" driver uses semi-colon separated key=value pairs. So you can write something like: --dsn "DSN:mysql:host=example.com;port=3306;database=squid" Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid authentication to remote sql server
On 10/02/2015 5:01 p.m., Ahmad wrote: > Hi , > > I followed the article in : > > http://wiki.squid-cache.org/ConfigExamples/Authenticate/Mysql > > > > > > I need to connect squid to external sql server , what do I need to modify > in the helper command ? > > > > I think that the command below : > > ""auth_param basic program /usr/local/squid/libexec/squid_db_auth --user > someuser --password --plaintext --persist > > > > Shoud include the ip & port of the sql server . > The Data Source Name (--dsn) parameter is the option string passed to the Perl DBI module for locating the database to use. It takes the syntax: "DSN:" driver ":" params The params bit depends on what database driver (type) is. The "mysql" driver uses semi-colon separated key=value pairs. So you can write something like: --dsn "DSN:mysql:host=example.com;port=3306;database=squid" Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] squid authentication to remote sql server
Hi , I followed the article in : http://wiki.squid-cache.org/ConfigExamples/Authenticate/Mysql I need to connect squid to external sql server , what do I need to modify in the helper command ? I think that the command below : ""auth_param basic program /usr/local/squid/libexec/squid_db_auth --user someuser --password --plaintext --persist Shoud include the ip & port of the sql server . cheers ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
