[squid-users] I have a cache directory, I am not sure if that is squid's cache directory
Dear all, I am wondering if the cache directory I have belongs to squid. the reason is because that cache directory is at the path /var/spool/cache i.e not under the squid directory. I read from other people that most have a cache directory under the squid directory path such as /var/squid/cache. also, because after I uninstalled my squid, that cache directory /var/spool cache is still there. that makes me wonder if that is a cache diretory existed when I first installed FC3 or is that belong to squid. maybe this could help clearify, the content of the cache directory is as follow: [EMAIL PROTECTED] cache]# ls 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F log log-last-clean netdb_state *Does anyone of your squid cache has this content too? thanks all.
AW: [squid-users] FATAL: redirect_program /usr/bin/squidguard: (1 3) Permission denied
You may check squidguard at the commandline using a little script like this: #!/bin/sh # SG_HOME=/usr/local/squidGuard SG=/usr/local/bin/squidGuard SG_CONF=$SG_HOME/etc/squidguard.conf # LD_LIBRARY_PATH=/usr/local/BerkeleyDB.4.0/lib export LD_LIBRARY_PATH echo "http://www.google.de 10.23.20.134/- - GET" | \ $SG -c $SG_CONF -d Mit freundlichem Gruß/Yours sincerely Werner Rost GM-FIR - Netzwerk ZF Boge Elastmetall GmbH Friesdorfer Str. 175, 53175 Bonn, Deutschland/Germany Telefon/Phone +49 228 3825 - 420 Telefax/Fax +49 228 3825 - 398 [EMAIL PROTECTED] -Ursprüngliche Nachricht- Von: Hendrik Voigtländer [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 25. November 2004 22:52 An: Yong Bong Fong Cc: [EMAIL PROTECTED] Betreff: Re: [squid-users] FATAL: redirect_program /usr/bin/squidguard: (13) Permission denied Yong Bong Fong wrote: > > heres the permission for all the squidguard files on my computer: > > -rw-r--r-- 1 nobody nobody 388 Nov 24 16:52 squidGuard.log drwxr-xr-x > 12 bfyong bfyong 4096 Dec 25 2002 de-blacklists (folder with all the > urls, domains for squidguard.log) Check the permission of the files inside the blacklist folder, the db-files must be writable by the squid-user (can anybody explain why?) > squid 3728 11.2 1.2 8120 4732 ?S08:29 0:00 (squid) -D > squid 3729 0.0 0.0 2492 276 ?Ss 08:29 0:00 (unlinkd) > there was absolutely no program for squid to work before I added the > redirect_program configuration, eveything failed after the sentence was > added Try to start squidGuard on the commandline as the user squid, there is an option to log everything to stdout (sorry, I can't remember and I am not in the office at the moment) - check the docs. If your are unable to start squidGuard as the squid-user at the commandline there is no use to try this inside the squid.conf. Regards, Hendrik Voigtländer
[squid-users] patch external_acl_fuzzy
Hello! I try to develop ident-like program. So I need to know my port, remote port, my address, remote address. I patched squid with http://devel.squid-cache.org/projects.html#external_acl_fuzzy. Squid.conf: I used parameters . %SRC %SRCPORT %MYADDR %MYPORT external_ident . Squid Version: Version 2.5.STABLE7 But in external_ident %SRCPORT is always equal to 0! Other parameters are correct. Do you have any ideas? wbr, Ilya
Re: [squid-users] Re: do we need to create the user "squid" by ourselves?
Adam Aube wrote: Yong Bong Fong wrote: my question is do we need to create the user account "squid" manually or is it automatically created upon installation. If you compiled Squid from sources, you need to create the squid user manually. If you installed a pre-built Squid package, the package may create the squid user automatically. This is package-dependent, of course. Adam Hello, The account created by a pre-build package may be locked or configured unsuitable for interactive use - depends on the maintainer. > Yong Bong Fong wrote: > [EMAIL PROTECTED] log]# su squid > This account is currently not available*. I have never seen a message like this, what kind of Unix is this squid running at? What you can do to track the problem down: check if an account exists: #id squid check account config: #grep squid /etc/passwd or #getent passwd squid check password entry: #grep squid /etc/shadow or #getent shadow squid Regards, Hendrik Voigtländer
RE: [squid-users] SPEED LIMIT TO 10kbps
> hello > i am new to linux. > > i have DSL 256CIR internet connection for 25 users and i want > to access my > user only 10kbps per user speed. what i ADD or EDIT in squid.conf > > #squid.conf > acl myusers src 192.168.100.0/255.255.255.0 > http_access allow myusers > http_access deny all > > i think some delay_pool command work here but i dont have any > experience > about delay pools. > > please help me regarding this. > Check the FAQ on delay pools. It contains some examples. M.
[squid-users] SPEED LIMIT TO 10kbps
hello i am new to linux. i have DSL 256CIR internet connection for 25 users and i want to access my user only 10kbps per user speed. what i ADD or EDIT in squid.conf #squid.conf acl myusers src 192.168.100.0/255.255.255.0 http_access allow myusers http_access deny all i think some delay_pool command work here but i dont have any experience about delay pools. please help me regarding this. Thankyou & best regards, Shiraz Gul Khan (03002061179) Onezero Inc. _ Express yourself with cool new emoticons http://www.msn.co.uk/specials/myemo
[squid-users] Re: NTLM Auth multiple problems.
Sridhar M.N. wrote: > I'm trying to get NTLM Authentication working but > haven't been successful with the squid part of it. > Below is the squid.conf > auth_param ntlm program /usr/bin/ntlm_auth > --helperprotocol=squid-2.5-ntlmssp > auth_param basic program /usr/bin/ntlm_auth > --helperprotocol=squid-2.5-basic It should be "--helper-protocol" instead of "--helperprotocol". Adam
[squid-users] Re: Command Error
Please reply to the list, and not to me directly. Michael Hopkins wrote: > Adam Aube wrote: > > Michael Hopkins wrote: >>> After installing Squid on a clean install of RH 9 it comes up with the >>> message: Squid Command Not Found. >> Are you using absolute or relative paths when running the 'squid' command >> - i.e. './squid' or '/usr/local/squid/sbin/squid' instead of just >> 'squid'? >> Same goes for any startup scripts. > absolute! Ok. What is the exact output of the following: echo $PATH pwd; squid /usr/local/squid/sbin/squid Adam
[squid-users] Re: do we need to create the user "squid" by ourselves?
Yong Bong Fong wrote: > my question is do we need to create the user account "squid" manually or > is it automatically created upon installation. If you compiled Squid from sources, you need to create the squid user manually. If you installed a pre-built Squid package, the package may create the squid user automatically. This is package-dependent, of course. Adam
[squid-users] do we need to create the user "squid" by ourselves?
Dear all, Recently I ran into problem with permission on squid and squidguard. I am aware that squid change to user squid (or nobody in some case) as effective user when it runs, my question is do we need to create the user account "squid" manually or is it automatically created upon installation. What I mean is do we need to use the command "useradd" to add the user squid to my system? I am confused about this because I wanted to check if I have access to certain files as squid user, so I tried to su into squid user as follows: [EMAIL PROTECTED] log]# su squid This account is currently not available*. as shown above, says the account is not available but when I tried to create this account, by the command "useradd" the following came out: [EMAIL PROTECTED] /]# useradd squid useradd: user squid exists *So, do we actually need to create that account ourselves or has it been created dring installation? if it has been created during installation how do we know the password of the account then? thanks for helping all.. Regards Fong
[squid-users] Re: Command Error
Michael Hopkins wrote: > After installing Squid on a clean install of RH 9 it comes up with the > message: Squid Command Not Found. Are you using absolute or relative paths when running the 'squid' command - i.e. './squid' or '/usr/local/squid/sbin/squid' instead of just 'squid'? Same goes for any startup scripts. Adam
[squid-users] parent/sibling configuration
to all: is there a way to configure squid to be a parent proxy and ms isa to be the sibling proxy? -- the fear of blood tends to create fear for the flesh.
[squid-users] Re: Config Errors Cause Allowed Access
Michael Bhola wrote: > My question is regarding the behaviour of the acls when ident isn't > recognised. In the config below, because adults isn't valid, it seems to > just ignore that acl and allow based on homenet. > Is it possible to change my configuration in some way so that any acl > with an error is ignored completely or some other way of setting things > up so that it fails safe ? > http_access allow homenet adults > http_access allow homenet children safe_domain > http_access allow localhost > http_access deny all Change the above http_access lines so that the ident acls aren't combined with anything else. Something like this should work: http_access allow localhost http_access deny !homenet http_access allow adults http_access deny !safe_domain http_access allow children http_access deny all Adam
[squid-users] Command Error
Hi Guys I am currently building 2 squid servers for use in our organisation. The f= irst is a test box that I will keep for testing and the other is a larger s= ystem for Production based use. I am loading this onto RedHat9 and am havi= ng issues with it running. After installing Squid on a clean install of RH= 9 it comes up with the message: Squid Command Not Found. I have checked it= have all the GCC, and Perl compliers installed from the RH9 disks and does= not appear to have an error with compiling that I can see. I have tried r= unning the Squid command from /usr/local/squid/sbin which is where the file= is located but this error persistes. Once on the test machine I managed to get the Squid command to work, I coul= d create the cache (squid -z) and was working beutifully. The next day I r= estarted the box (I turned it off that night) it comes up with the old comm= and. Could this be a dependency that squid has to something that I am missing or= have not installed? The test box has internet access and works fine and can resolve dns request= s but squid will not run (Squid command not found) Please HELP!!! Kind Regards Michael Hopkins Gateway Services Ph 1800 198 175 *** This email, including any attachments sent with it, is confidential and for the sole use of the intended recipient(s). This confidentiality is not waived or lost, if you receive it and you are not the intended recipient(s), or if it is transmitted/received in error. Any unauthorised use, alteration, disclosure, distribution or review of this email is prohibited. It may be subject to a statutory duty of confidentiality if it relates to health service matters. If you are not the intended recipient(s), or if you have received this email in error, you are asked to immediately notify the sender by telephone or by return email. You should also delete this email and destroy any hard copies produced. ***
[squid-users] Config Errors Cause Allowed Access
I have a squid configuration that works very nicely on my home network. I use ident for authentication and I do understand the implications of that. My problem comes with Fedora Core. FC1 was compiled with --enable-ident-lookups whereas FC2 isn't. So now when I upgrade squid my ident setup is broken. This is itself isn't too much of a problem becuase I just rebuild it with --enable-ident-lookups. My question is regarding the behaviour of the acls when ident isn't recognised. In the config below, because adults isn't valid, it seems to just ignore that acl and allow based on homenet. Is it possible to change my configuration in some way so that any acl with an error is ignored completely or some other way of setting things up so that it fails safe ? 2004/11/25 22:05:15| parseConfigFile: line 1758 unrecognized: 'ident_lookup_access allow homenet' 2004/11/25 22:05:15| squid.conf line 1759: acl adults ident mike jane 2004/11/25 22:05:15| aclParseAclLine: Invalid ACL type 'ident' 2004/11/25 22:05:15| squid.conf line 1760: acl children ident mary jo 2004/11/25 22:05:15| aclParseAclLine: Invalid ACL type 'ident' 2004/11/25 22:05:15| squid.conf line 1765: http_access allow homenet adults 2004/11/25 22:05:15| aclParseAccessLine: ACL name 'adults' not found. 2004/11/25 22:05:15| squid.conf line 1766: http_access allow homenet children safe_domain 2004/11/25 22:05:15| aclParseAccessLine: ACL name 'children' not found. #http_access allow our_networks acl homenet src 192.168.1.0/24 #acl adults proxy_auth mike jane #acl children proxy_auth mary jo ident_lookup_access allow homenet acl adults ident mike jane acl children ident mary jo acl safe_domain dstdomain "/etc/squid/whitelist.txt" #authenticate_program /usr/lib/squid/pam_auth http_access allow homenet adults http_access allow homenet children safe_domain # And finally deny all other access to this proxy http_access allow localhost http_access deny all
Re: [squid-users] FATAL: redirect_program /usr/bin/squidguard: (13) Permission denied
Yong Bong Fong wrote: > heres the permission for all the squidguard files on my computer: -rw-r--r-- 1 nobody nobody 388 Nov 24 16:52 squidGuard.log drwxr-xr-x 12 bfyong bfyong 4096 Dec 25 2002 de-blacklists (folder with all the urls, domains for squidguard.log) Check the permission of the files inside the blacklist folder, the db-files must be writable by the squid-user (can anybody explain why?) squid 3728 11.2 1.2 8120 4732 ?S08:29 0:00 (squid) -D squid 3729 0.0 0.0 2492 276 ?Ss 08:29 0:00 (unlinkd) there was absolutely no program for squid to work before I added the redirect_program configuration, eveything failed after the sentence was added Try to start squidGuard on the commandline as the user squid, there is an option to log everything to stdout (sorry, I can't remember and I am not in the office at the moment) - check the docs. If your are unable to start squidGuard as the squid-user at the commandline there is no use to try this inside the squid.conf. Regards, Hendrik Voigtländer
[squid-users] deny access based on referer
Hi, I'm getting tired of 'referer spam' and so thought I might send these folks a 403. However, using the Webmin interface to Squid, I don't see which type of ACL will do this. Most of my DENY lines are for Browser Regexp or Client Address. How do we block a refering URL (or referer-regexp)? Thanks, Ken Ara __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
RE: [squid-users] (113) no route to host please help
> > hi all, > I m having a problem with squid 2.5 stable1. Often it gives > an error '(113) no > route to host' but if I restart squid it works fine for about > 15 to 30 mins. > squid is accepting connection on port 3128. I have also few > iptables to accept > connection from the internet and nat to another server (on > the internal > network). The ports I am accepting from the internet are 80, > 8000, 25 and 110. > does any one have an idea of what is the problem. if any one > needs more info > please tell me. > below is a piece from the cache log while trying to access > hotmail and the > error occurs. > > Normally, 'no route to host' is returned by the ip stack and says what is says : a problemof network routing when trying to reach www.hotmail.com. Try , for instance : # traceroute www.hotmail.com from the squid box at that time; see whether this works. Also : upgrade to the latest stable release; 2.5.stable1 is way old and in between tons and tons of bugs have been fixed. Although this particular issue is not squid related but comes from the networking layer. M.
Re: [squid-users] Multiple reply_body_max_size entries
Hi, I noted that acl based reply_body_max_size works correctly ONLY if I add the acl in one of http_access directives! My acl is an EXTERNAL one (ldap_group in particular). external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -b ou=people,dc=domain,dc=it -f "(&(uid=%u)(Mygroup=%g))" -D cn=user,ou=apps,dc=domain,dc=it -w password -H ldap://ldapserver:389 acl unlimited external ldap_group unlimited . . . reply_body_max_size 100 allow !unlimited This works only if I add http_access allow unlimited !unlimited that is never true and doesn't alter my access rules. Is the same for you? If yes I think this is a bug Regards MArco Hi all, Is there a way to use multiple reply_body_max_size entries in a squid.conf configuration file? I mean, for some "special users" I need no restriction for downloading files from Internet and for the rest of the users I need to restrict to a 10MB maximum download size. I'm trying this configuration without success: acl USERS external NTGroup DOMAIN_GROUP1 acl SPECIAL_USERS external NTGroup DOMAIN_GROUP2 . . . reply_body_max_size 0 allow SPECIAL_USERS reply_body_max_size 10485760 allow USERS Anyone can help me? Thanks in advance, Carlos Eduardo Gomes Marins. SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
[squid-users] (113) no route to host please help
hi all, I m having a problem with squid 2.5 stable1. Often it gives an error '(113) no route to host' but if I restart squid it works fine for about 15 to 30 mins. squid is accepting connection on port 3128. I have also few iptables to accept connection from the internet and nat to another server (on the internal network). The ports I am accepting from the internet are 80, 8000, 25 and 110. does any one have an idea of what is the problem. if any one needs more info please tell me. below is a piece from the cache log while trying to access hotmail and the error occurs. 207.68.171.233 2004/11/17 11:21:19| cbdataValid: 0x8537410 2004/11/17 11:21:19| ipcache_nbgethostbyname: Name 'www.hotmail.com'. 2004/11/17 11:21:19| ipcache_nbgethostbyname: HIT for 'www.hotmail.com' 2004/11/17 11:21:19| cbdataLock: 0x85400e0 2004/11/17 11:21:19| cbdataValid: 0x85400e0 2004/11/17 11:21:19| ipcacheCycleAddr: www.hotmail.com now at 207.68.171.233 2004/11/17 11:21:19| connect FD 18: (115) Operation now in progress 2004/11/17 11:21:19| commConnectHandle: FD 18: COMM_INPROGRESS 2004/11/17 11:21:19| commSetSelect: FD 18 type 2 2004/11/17 11:21:19| cbdataUnlock: 0x85400e0 2004/11/17 11:21:19| comm_poll: 1+0 FDs ready 2004/11/17 11:21:19| comm_poll: FD 18 ready for reading 2004/11/17 11:21:19| comm_poll: FD 18 ready for writing 2004/11/17 11:21:19| ipcacheCycleAddr: www.hotmail.com now at 207.68.171.233 2004/11/17 11:21:19| comm_remove_close_handler: FD 18, handler=0x80669d0, data=0x85400e0 2004/11/17 11:21:19| cbdataUnlock: 0x85400e0 2004/11/17 11:21:19| commSetTimeout: FD 18 timeout -1 2004/11/17 11:21:19| commConnectFree: FD 18 2004/11/17 11:21:19| cbdataFree: 0x85400e0 2004/11/17 11:21:19| cbdataFree: Freeing 0x85400e0 2004/11/17 11:21:19| cbdataValid: 0x8537410 2004/11/17 11:21:19| fwdFail: ERR_CONNECT_FAIL "Service Unavailable" http://www.hotmail.com/ 2004/11/17 11:21:19| cbdataFree: 0x8434a28 2004/11/17 11:21:19| cbdataFree: Freeing 0x8434a28 2004/11/17 11:21:19| comm_close: FD 18 2004/11/17 11:21:19| commCallCloseHandlers: FD 18 2004/11/17 11:21:19| commCallCloseHandlers: ch->handler=0x80718c0 2004/11/17 11:21:19| cbdataValid: 0x8537410 2004/11/17 11:21:19| fwdServerClosed: FD 18 http://www.hotmail.com/ 2004/11/17 11:21:19| fwdServerClosed: re-forwarding (10 tries, 0 secs) 2004/11/17 11:21:19| cbdataLock: 0x8537410 2004/11/17 11:21:19| eventAdd: Adding 'fwdConnectStart', in 0.00 seconds 2004/11/17 11:21:19| cbdataUnlock: 0x8537410 2004/11/17 11:21:19| fd_close FD 18 http://www.hotmail.com/ 2004/11/17 11:21:19| cbdataUnlock: 0x8537410 2004/11/17 11:21:19| eventRun: RUN ID 2491 2004/11/17 11:21:19| cbdataValid: 0x8537410 2004/11/17 11:21:19| cbdataUnlock: 0x8537410 2004/11/17 11:21:19| eventRun: Running 'fwdConnectStart', id 2490 2004/11/17 11:21:19| fwdConnectStart: http://www.hotmail.com/ 2004/11/17 11:21:19| fwdConnectStart: got addr 0.0.0.0, tos 0 2004/11/17 11:21:19| comm_open: FD 18 is a new socket 2004/11/17 11:21:19| fd_open FD 18 http://www.hotmail.com/ 2004/11/17 11:21:19| comm_add_close_handler: FD 18, handler=0x80718c0, data=0x8537410 2004/11/17 11:21:19| cbdataLock: 0x8537410 2004/11/17 11:21:19| commSetTimeout: FD 18 timeout 120 2004/11/17 11:21:19| commConnectStart: FD 18, www.hotmail.com:80 2004/11/17 11:21:19| cbdataLock: 0x8537410 2004/11/17 11:21:19| comm_add_close_handler: FD 18, handler=0x80669d0, data=0x85400e0 2004/11/17 11:21:19| cbdataLock: 0x85400e0 2004/11/17 11:21:19| ipcache_nbgethostbyname: Name 'www.hotmail.com'. 2004/11/17 11:21:19| ipcache_nbgethostbyname: HIT for 'www.hotmail.com' 2004/11/17 11:21:19| cbdataLock: 0x85400e0 2004/11/17 11:21:19| cbdataValid: 0x85400e0 2004/11/17 11:21:19| ipcacheCycleAddr: www.hotmail.com now at 207.68.171.233 2004/11/17 11:21:19| fqdncache_nbgethostbyaddr: Name '207.68.171.233'. 2004/11/17 11:21:19| fqdncache_nbgethostbyaddr: MISS for '207.68.171.233' 2004/11/17 11:21:19| idnsPTRLookup: buf is 45 bytes for 207.68.171.233, id = 0x47e 2004/11/17 11:21:19| cbdataLock: 0x8423660 2004/11/17 11:21:19| commSetSelect: FD 5 type 1 2004/11/17 11:21:19| connect FD 18: (115) Operation now in progress 2004/11/17 11:21:19| commConnectHandle: FD 18: COMM_INPROGRESS 2004/11/17 11:21:19| commSetSelect: FD 18 type 2 2004/11/17 11:21:19| cbdataUnlock: 0x85400e0 2004/11/17 11:21:19| comm_poll: 1+0 FDs ready 2004/11/17 11:21:19| comm_poll: FD 18 ready for reading 2004/11/17 11:21:19| comm_poll: FD 18 ready for writing 2004/11/17 11:21:19| ipcacheMarkBadAddr: www.hotmail.com [207.68.171.233] 2004/11/17 11:21:19| ipcacheCycleAddr: Changing ALL www.hotmail.com addrs from BAD to OK 2004/11/17 11:21:19| ipcacheCycleAddr: www.hotmail.com now at 207.68.172.239 2004/11/17 11:21:19| cbdataValid: 0x8537410 2004/11/17 11:21:19| ipcache_nbgethostbyname: Name 'www.hotmail.com'. 2004/11/17 11:21:19| ipcache_nbgethostbyname: HIT for 'www.hotmail.com' 2004/11/17 11:21:19| cbdataLock: 0x85400e0 2004/11/17 11:21:19| cbdataValid: 0x85400e0 2004/11/17 11:21:19| ipcacheCycleAddr: www.h
RE: [squid-users] NTLM Auth multiple problems.
> Hello all > > I'm trying to get NTLM Authentication working but > haven't been successful with the squid part of it. > Everything with samba works perfectly fine. I'm using > samba-3.0.8 and all the samba tests are working fine. > /usr/local/bin/ntlm_auth > -helper-protocol=squid-2.5-basic > --domain=MO.COM --username=Srid --password=passwd > > Successful > > > wbinfo -t, wbinfo -u, wbinfo -g, getent passwd and > getent group works just fine. > > Below is the squid.conf > > --skip-- > > auth_param ntlm program /usr/bin/ntlm_auth > --helperprotocol=squid-2.5-ntlmssp > auth_param ntlm children 5 > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 20 minutes > auth_param basic program /usr/bin/ntlm_auth > --helperprotocol=squid-2.5-basic > auth_param basic children 5 > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 2 hours > > > acl vlan1 src 10.1.1.0-10.1.1.254 > acl vlan21 src 10.1.21.0-10.1.21.254 > acl AuthorizedUsers proxy_auth REQUIRED > acl all src 0.0.0.0/0.0.0.0 > > --skip-- > > http_access allow all AuthorizedUsers > http_access allow vlan1 > http_access allow vlan21 > http_access allow all > http_access deny all > > There are no errors in log.nmbd/smbd/winbind but there > are some errors in cache.log. The errors are > > 2004/11/25 17:39:39| Unlinkd pipe opened on FD 24 > 2004/11/25 17:39:39| Swap maxSize 1048576 KB, > estimated 80659 objects > -skip- > > 2004/11/25 17:39:40| WARNING: basicauthenticator #5 > (FD 20) exited > 2004/11/25 17:39:40| Done scanning /var/spool/squid > swaplog (0 entries) > > -skip- > > 2004/11/25 17:39:40| store_swap_size = 0k > username must be specified! > > And when username and password is specified in the > squid.conf file, I get the errors > > 2004/11/25 17:39:40| Took 0.0 seconds ( 0.0 > entries/sec). > FATAL: The basicauthenticator helpers are crashing too > rapidly, need help! > > 2004/11/25 17:39:47| WARNING: ntlmauthenticator #1 (FD > 11) exited > 2004/11/25 17:39:47| WARNING: ntlmauthenticator #2 (FD > 12) exited > 2004/11/25 17:39:47| WARNING: basicauthenticator #5 > (FD 20) exited > > Squid is running with the user/group nobody and the > owenership for the folder and permissions are > specified too > > drwxrw-rw- 2 root nobody 4096 Nov 23 16:41 > winbindd_privileged > > What might be the problem? Do I need to make changes > to any of the pam files? > > Thanks for the help =) > > Does : % squid -k parse give any errors ? M.
[squid-users] NTLM Auth multiple problems.
Hello all I'm trying to get NTLM Authentication working but haven't been successful with the squid part of it. Everything with samba works perfectly fine. I'm using samba-3.0.8 and all the samba tests are working fine. /usr/local/bin/ntlm_auth -helper-protocol=squid-2.5-basic --domain=MO.COM --username=Srid --password=passwd Successful wbinfo -t, wbinfo -u, wbinfo -g, getent passwd and getent group works just fine. Below is the squid.conf --skip-- auth_param ntlm program /usr/bin/ntlm_auth --helperprotocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 20 minutes auth_param basic program /usr/bin/ntlm_auth --helperprotocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl vlan1 src 10.1.1.0-10.1.1.254 acl vlan21 src 10.1.21.0-10.1.21.254 acl AuthorizedUsers proxy_auth REQUIRED acl all src 0.0.0.0/0.0.0.0 --skip-- http_access allow all AuthorizedUsers http_access allow vlan1 http_access allow vlan21 http_access allow all http_access deny all There are no errors in log.nmbd/smbd/winbind but there are some errors in cache.log. The errors are 2004/11/25 17:39:39| Unlinkd pipe opened on FD 24 2004/11/25 17:39:39| Swap maxSize 1048576 KB, estimated 80659 objects -skip- 2004/11/25 17:39:40| WARNING: basicauthenticator #5 (FD 20) exited 2004/11/25 17:39:40| Done scanning /var/spool/squid swaplog (0 entries) -skip- 2004/11/25 17:39:40| store_swap_size = 0k username must be specified! And when username and password is specified in the squid.conf file, I get the errors 2004/11/25 17:39:40| Took 0.0 seconds ( 0.0 entries/sec). FATAL: The basicauthenticator helpers are crashing too rapidly, need help! 2004/11/25 17:39:47| WARNING: ntlmauthenticator #1 (FD 11) exited 2004/11/25 17:39:47| WARNING: ntlmauthenticator #2 (FD 12) exited 2004/11/25 17:39:47| WARNING: basicauthenticator #5 (FD 20) exited Squid is running with the user/group nobody and the owenership for the folder and permissions are specified too drwxrw-rw- 2 root nobody 4096 Nov 23 16:41 winbindd_privileged What might be the problem? Do I need to make changes to any of the pam files? Thanks for the help =) __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
[squid-users] streaming http
Hi, i am trying to stream endless html-pages through squid (this is a chat application). Squid seems to wait until the page is finished before delivering it to the browser. Is there a way to force squid to deliver the content as soon as it is received? I don't have access to the configuration yet, so I can't really solve this by trial&error. My first thought would be to disable caching of this page. I would greatly appreciate if somebody with knowledge of the internals could tell me if this would produce the desired effect and/or point me to the right place in the docs. Many Thanks, Matthias
RE: [squid-users] Forcing Squid to cache all pages in accelerator mode
> > All > > I have configured squid to run in accelerator mode in front > of our application server. > > ie > > User Browser <> Squid <> Application Server > > In our case, all URL's uniquely define a page, so we can > cache them with no fear of any session information meaning > that one user should see a different page for the same basic > URL. The URLs are generally of the form > http:///a_jsp_page?arguments. As our underlying data > only changes daily, i would like to just generate each URL > only once, and let squid serve copies to everyone else. > Hence, I also restart squid daily and clear the caches down. > > > I believe the following refresh_pattern sould do the job > > refresh_pattern . 1440100%1440 > ignore-reload override-lastmod override-expire reload-into-ims > > Unfortunately, this does not force all object to be cached - > I still get some TCP_MISS's for identical requests. Some > dynamic pages do get cached, but not even all the static > images are cached (as I can see via the TCP_MISS messages in the log). > > Is there a way that I can configure squid so that I can see > why the URL is a TCP_MISS (ie expired or whatever)? Is there > something else I am missing, to force squid to cache everything? > > I am using 2.5-STABLE on RedHat 9 > > Any pointers would be appreciated > > Many thanks to you all > As to the why of the MISSES : http://www.ircache.net/cgi-bin/cacheability.py may help. Probably this tool can be 'saved' and used in a local context too. M.
[squid-users] Forcing Squid to cache all pages in accelerator mode
All I have configured squid to run in accelerator mode in front of our application server. ie User Browser <> Squid <> Application Server In our case, all URL's uniquely define a page, so we can cache them with no fear of any session information meaning that one user should see a different page for the same basic URL. The URLs are generally of the form http:///a_jsp_page?arguments. As our underlying data only changes daily, i would like to just generate each URL only once, and let squid serve copies to everyone else. Hence, I also restart squid daily and clear the caches down. I believe the following refresh_pattern sould do the job refresh_pattern . 1440100%1440ignore-reload override-lastmod override-expire reload-into-ims Unfortunately, this does not force all object to be cached - I still get some TCP_MISS's for identical requests. Some dynamic pages do get cached, but not even all the static images are cached (as I can see via the TCP_MISS messages in the log). Is there a way that I can configure squid so that I can see why the URL is a TCP_MISS (ie expired or whatever)? Is there something else I am missing, to force squid to cache everything? I am using 2.5-STABLE on RedHat 9 Any pointers would be appreciated Many thanks to you all Tony -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.