[squid-users] help on mrtg
Hi All

I have configured mrtg for squid. When I run

indexmaker squid-mrtg.cfg --output=/var/www/html/squid.html

I get the following error:

WARNING: Option[proxy-hit]: "target[proxy-srvkbinout]:" is unknown
WARNING: Option[proxy-hit]: "cacheserverinkb&cacheserveroutkb:[EMAIL PROTECTED]:3401" is unknown
ERROR: Please fix the error(s) in your config file

Can someone help me?

Thanks & Regards,
Remy Almeida
NIO System Admin
Ph Office: +91-0832-2450421
Cell: 9822586093
AW: [squid-users] problem with 2 proxies in same network
-----Original Message-----
From: Mark Elsen [mailto:[EMAIL PROTECTED]
Sent: Monday, 16 January 2006 22:59
To: Mrvka Andreas
Cc: Squid-Users
Subject: Re: [squid-users] problem with 2 proxies in same network

> You may need :
>
> http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE12-SMB_BadFetch
>
> M.

So, you say after recompiling squid without '-enable-ntlm-fail-open' these 2 proxies can co-exist again?
I will give it a try. Thanks for that.

Cheers
Andrew
Re: [squid-users] problem with 2 proxies in same network
> Hi Mark, hi list.
>
> Squid -v on squids-STABLE12 should be a clone of squid-STABLE10.
> Just, that i recompiled it with the same properties as you can see now.
>
> Just after turning off this STABLE12-machine our network relieves harmless
> again
> But anyway - i want to stay on actual security-prevention.
>
> My output of 'squid -v':
>
> Squid Cache: Version 2.5.STABLE12
> configure options: --with-dl --enable-snmp --enable-carp
> --enable-useragent-log '--enable-auth=basic digest ntlm'
> '--enable-basic-auth-helpers=LDAP MSNT NCSA PAM SMB YP getpwnam
> multi-domain-NTLM' '--enable-ntlm-auth-helpers=SMB no_check'
> --enable-digest-auth-helpers=password '--enable-external-acl-helpers=ip_user
> ldap_group unix_group wbinfo_group' --enable-ntlm-fail-open
> --enable-referer-log --enable-arp-acl --enable-htcp --enable-underscores
> --enable-stacktraces --enable-delay-pools --enable-ssl --enable-cache-digests
> --enable-poll --enable-x-accelerator-vary
>

You may need :

http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE12-SMB_BadFetch

M.
RE: [squid-users] Squid with SquidGuard
> [EMAIL PROTECTED] mark]# su - squid
> This account is currently not available.
> [EMAIL PROTECTED] mark]#
> Hmmm... *Should* that work?

Kind of.

It shouldn't work because the system has not given a shell to the user 'squid' (protecting the system against possible security risks.)
It should work because "squid" will be used later to run "squidGuard".

I start squid in a similar fashion and this is what 'ps -ef' shows us:

root 1996 1 0 14:14 ? 00:00:00 /usr/sbin/squid -D -sYC
proxy 1998 1996 0 14:14 ? 00:00:00 (squid) -D -sYC
proxy 2008 1998 0 14:14 ? 00:00:00 (squidGuard) -c /etc/squid/squid
proxy 2009 1998 0 14:14 ? 00:00:00 (squidGuard) -c /etc/squid/squid
proxy 2010 1998 0 14:14 ? 00:00:00 (squidGuard) -c /etc/squid/squid

You can see that squid runs as root, but then the parent process is run as "proxy" (the same user as "squid" on your machine). This same "proxy" user runs squidGuard.

(side note: I can 'su - proxy' and get a prompt on my machine.)

That could be why your machine is not allowing squidGuard to start. A way for you to find out would be to give a shell to "squid" and then try and log in again as squid. If you get a prompt such as

[EMAIL PROTECTED] ~]$

then you know "squid" has a shell, and you should go back to root user and run your 'service squid start' and see if that removes the error from cache.log.

If not, restore your /etc/passwd file to what it was before this test and we'll keep looking for why squidGuard starts with errors.

brian
Re: [squid-users] Squid with SquidGuard
Brian Phillips wrote:

>'su - squid'
>
>It COMPLETELY sets you as the squid user.
>
>Are you starting squid as root? Or are you using the init scripts? Or are
>you just running it on the command line as squid/proxy?
>

If I try as a non-privileged user:

[EMAIL PROTECTED] ~]$ su - squid
Password:
su: incorrect password

(Don't know what the squid password is - should I? Can I find out?)

If I try as root:

[EMAIL PROTECTED] mark]# su - squid /usr/local/squidguard/bin/squidGuard -c /etc/squidguard.conf
This account is currently not available.
[EMAIL PROTECTED] mark]#

[EMAIL PROTECTED] mark]# su - squid
This account is currently not available.
[EMAIL PROTECTED] mark]#

Hmmm... *Should* that work?

I start squid either by rebooting or with the command /sbin/service squid restart [or start or stop] (as root). Whichever way, it will start quite happily but will still list the same error in "cache.log" and the proxy will not work. Taking the "redirect_program /usr/local/squidguard/bin/squidGuard -c /etc/squidguard.conf" line out of squid.conf and restarting will allow squid to work properly.

I can start squidGuard from the command line (as root) with the command:

[EMAIL PROTECTED] mark]# /usr/local/squidguard/bin/squidGuard -d

which gives the response:

2006-01-16 21:31:01 [16626] squidGuard 1.2.0 started (1137447061.766)
2006-01-16 21:31:01 [16626] squidGuard ready for requests (1137447061.806)

(although I have to CTRL-c to get back to the command line - is that normal?)

So - if my reasoning is correct, I can start squidGuard as root, but when squid tries to launch it, it fails because it does not have the right permissions somewhere or other. As you can see above I don't seem to be able to pretend to be squid myself so that I can start it from the command line and see what information I get...

Any ideas?

Thanks again

Mark
AW: [squid-users] problem with 2 proxies in same network
Hi Mark, hi list.

Squid -v on squids-STABLE12 should be a clone of squid-STABLE10.
Just, that i recompiled it with the same properties as you can see now.

Just after turning off this STABLE12-machine our network relieves harmless again
But anyway - i want to stay on actual security-prevention.

My output of 'squid -v':

Squid Cache: Version 2.5.STABLE12
configure options: --with-dl --enable-snmp --enable-carp
--enable-useragent-log '--enable-auth=basic digest ntlm'
'--enable-basic-auth-helpers=LDAP MSNT NCSA PAM SMB YP getpwnam
multi-domain-NTLM' '--enable-ntlm-auth-helpers=SMB no_check'
--enable-digest-auth-helpers=password '--enable-external-acl-helpers=ip_user
ldap_group unix_group wbinfo_group' --enable-ntlm-fail-open
--enable-referer-log --enable-arp-acl --enable-htcp --enable-underscores
--enable-stacktraces --enable-delay-pools --enable-ssl --enable-cache-digests
--enable-poll --enable-x-accelerator-vary

Cheers
andrew

-----Original Message-----
From: Mark Elsen [mailto:[EMAIL PROTECTED]
Sent: Monday, 16 January 2006 18:19
To: Mrvka Andreas
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] problem with 2 proxies in same network

> hi list,
>
> i have two proxies on the same network/domain (one is a clone of
> another)
> their names are proxy1 and proxy2.
> I wanted to update one proxy from version 2.5-STABLE10 to STABLE 12.
>
> After this update the network authentication via ntlm_auth doesn't work
> anymore.
>

In the STABLE12-case, what is the output of :

% squid -v

M.
RE: [squid-users] squid QoS
Thanks

-----Original Message-----
From: Mark Elsen [mailto:[EMAIL PROTECTED]
Sent: Monday, 16 January 2006 19:17
To: [EMAIL PROTECTED]
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] squid QoS

> Hi there,
>
> I would like to know if is there any way to get some QoS in squid based on
> users/ip.
> Example :
>
> user 1 -- has a total of 100 kbits of bandwidth
> user 2 -- has a total of 50 kbits of bandwidth
> user 3 -- has no limits regard bandwidth

http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#ss19.8

M.
Re: [squid-users] Squid with SquidGuard
Quoting from my own message...

Mark Sansome wrote:

>2006/01/14 21:36:07| comm_open: FD 7 is a new socket
>2006/01/14 21:36:07| fd_open FD 7 squidGuard
>2006/01/14 21:36:07| ipcCreate: prfd FD 7
>2006/01/14 21:36:07| ipcCreate: pwfd FD 7
>2006/01/14 21:36:07| ipcCreate: crfd FD 6
>2006/01/14 21:36:07| ipcCreate: cwfd FD 6
>2006/01/14 21:36:07| ipcCreate: FD 7 sockaddr 127.0.0.1:32990
>2006/01/14 21:36:07| ipcCreate: FD 6 sockaddr 127.0.0.1:32989
>2006/01/14 21:36:07| ipcCreate: FD 6 listening...
>2006/01/14 21:36:07| leave_suid: PID 12881 called
>2006/01/14 21:36:07| leave_suid: PID 12881 giving up root priveleges forever
>2006/01/14 21:36:07| ipcCreate: calling accept on FD 6
>2006/01/14 21:36:07| comm_close: FD 6
>2006/01/14 21:36:07| commCallCloseHandlers: FD 6
>2006/01/14 21:36:07| fd_close FD 6 squidGuard
>2006/01/14 21:36:07| connect FD 7: (13) Permission denied
>2006/01/14 21:36:07| comm_close: FD 7
>2006/01/14 21:36:07| commCallCloseHandlers: FD 7
>2006/01/14 21:36:07| fd_close FD 7 squidGuard
>2006/01/14 21:36:07| WARNING: Cannot run '/usr/local/squidguard/bin/squidGuard' process.
>

I guess the important line here is "connect FD 7: (13) Permission denied"

My question is how do I find out *exactly* what is being denied? I have followed every guide I can find, read every HowTo, scanned every FAQ and followed all the instructions on file ownership and permissions. Almost everything to do with squidGuard has file ownerships of squid.squid and still I get this error.

If I run squidGuard on its own as root it seems to work. Is there any way I can try to run it as user "squid" from the command line to see if I get any more information? Trying "su squid" obviously didn't work (but I had to try it anyway). Is there anything else I can try?

Hoping you can help

Thanks

Mark
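Added example, not part of the original messages: a check of the classic owner/group/other mode bits along the path to the redirector, reporting the first component the service account cannot pass, without giving that account a login shell. The tree built in demo() and its uid are constructed for illustration; the check covers file mode bits only, not other access-control layers.

```python
import os
import shutil
import stat
import tempfile

def allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check for one bit: 4 = r, 2 = w, 1 = x."""
    if uid == 0:
        # root passes everything except executing a file with no x bit at all
        return want != 1 or stat.S_ISDIR(st.st_mode) or bool(st.st_mode & 0o111)
    if st.st_uid == uid:
        shift = 6          # owner bits apply, even if group/other are wider
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & want)

def first_denied(path, uid, gids, want=1, base="/"):
    """Return (component, reason) for the first block between base and path, else None.

    Run it as root (or the owner) so that os.stat() itself is not refused.
    """
    base = os.path.realpath(base)
    target = os.path.realpath(path)
    chain = [base]
    rel = os.path.relpath(target, base)
    if rel != ".":
        for part in rel.split(os.sep):
            chain.append(os.path.join(chain[-1], part))
    # every directory above the target must be searchable (x) by the user
    for directory in chain[:-1]:
        if not allowed(os.stat(directory), uid, gids, 1):
            return directory, "directory is not searchable (no x bit) for this user"
    if not allowed(os.stat(target), uid, gids, want):
        return target, "mode bits on the target deny the requested access"
    return None

def demo():
    """Constructed tree shaped like the install path in the thread."""
    top = os.path.realpath(tempfile.mkdtemp())
    bindir = os.path.join(top, "squidguard", "bin")
    os.makedirs(bindir)
    exe = os.path.join(bindir, "squidGuard")
    open(exe, "w").close()
    for p in (top, os.path.dirname(bindir), exe):
        os.chmod(p, 0o755)
    os.chmod(bindir, 0o700)                # the one over-tight component
    other_uid = os.getuid() + 12345        # constructed uid that owns nothing here
    blocked = first_denied(exe, other_uid, set(), base=top)
    os.chmod(bindir, 0o755)                # after loosening, nothing blocks
    fixed = first_denied(exe, other_uid, set(), base=top)
    shutil.rmtree(top)
    return bindir, blocked, fixed

if __name__ == "__main__":
    print(demo())
```

On a real host, run it as root with the uid from pwd.getpwnam() and the groups from os.getgrouplist() for the account squid drops to, passing the redirector path from squid.conf to first_denied().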
Re: [squid-users] squid QoS
> Hi there,
>
> I would like to know if is there any way to get some QoS in squid based on
> users/ip.
> Example :
>
> user 1 -- has a total of 100 kbits of bandwidth
> user 2 -- has a total of 50 kbits of bandwidth
> user 3 -- has no limits regard bandwidth

http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#ss19.8

M.
[squid-users] squid QoS
Hi there,

I would like to know if is there any way to get some QoS in squid based on users/ip.
Example :

user 1 -- has a total of 100 kbits of bandwidth
user 2 -- has a total of 50 kbits of bandwidth
user 3 -- has no limits regard bandwidth

Thanks,
Bruno Sousa
Re: [squid-users] problem with 2 proxies in same network
> hi list,
>
> i have two proxies on the same network/domain (one is a clone of
> another)
> their names are proxy1 and proxy2.
> I wanted to update one proxy from version 2.5-STABLE10 to STABLE 12.
>
> After this update the network authentication via ntlm_auth doesn't work
> anymore.
>

In the STABLE12-case, what is the output of :

% squid -v

M.
RE: [squid-users] Simple command for purging entire cache?
Morten

Assuming your cache directories are in the directory /var/squid/cache and you're running a UNIX/LINUX system, the command "rm -rf /var/squid/cache/ &" will work just fine. But before restarting squid, you must recreate the cache directories with the command squid -z.

I automate the process by using the following commands in a script:

#Stop squid services
/etc/opt/squid/sbin/squid -k shutdown
#Wait 30 seconds for all squid processes to stop
sleep 30
#Change to squid cache directory (stop here if that fails, so rm never runs elsewhere)
cd /squidcache || exit 1
#Remove squid cache
rm -rf *
#Recreate squid cache directories
/etc/opt/squid/sbin/squid -z
#Restart squid
/etc/opt/squid/sbin/squid -s -f /etc/opt/squid/etc/squid.conf

You'll have to modify this script to fit your particular installation.

Hope this helps

Bob Morrison
Network Administrator
Wallingford CT Public Schools
USA

-----Original Message-----
From: Morten W. Petersen [mailto:[EMAIL PROTECTED]
Sent: Monday, January 16, 2006 9:34 AM
To: squid-users@squid-cache.org
Subject: [squid-users] Simple command for purging entire cache?

Hi,

I was wondering if anyone know of a way to purge the entire cache in one go.. any suggestions?

Thanks,

Morten

--
Morten W. Petersen
Email: [EMAIL PROTECTED]
Phone: +47 45 44 00 69
Title: Project manager
Nidelven IT (http://www.nidelven-it.no)
We provide Zope/Plone hosting and consulting
Re: [squid-users] Simple command for purging entire cache?
Also sprach "Morten W. Petersen" <[EMAIL PROTECTED]> (Mon, 16 Jan 2006 15:33:48 +0100):

> Hi,
>
> I was wondering if anyone know of a way to purge the entire cache in one
> go.. any suggestions?

http://www.squid-cache.org/Doc/FAQ/FAQ-7.html#ss7.3

> Thanks,
>
> Morten

sl ritch
Re: [squid-users] Simple command for purging entire cache?
On Monday 16 January 2006 15:33, Morten W. Petersen wrote:

> I was wondering if anyone know of a way to purge the entire cache in one
> go.. any suggestions?

There is. Please see the FAQ.

Christoph

--
Never trust a system administrator who carries a tie and suit.
[squid-users] Simple command for purging entire cache?
Hi,

I was wondering if anyone know of a way to purge the entire cache in one go.. any suggestions?

Thanks,

Morten

--
Morten W. Petersen
Email: [EMAIL PROTECTED]
Phone: +47 45 44 00 69
Title: Project manager
Nidelven IT (http://www.nidelven-it.no)
We provide Zope/Plone hosting and consulting
Re: [squid-users] SNMP
Also sprach "Remy Almeida" <[EMAIL PROTECTED]> (Mon, 16 Jan 2006 19:27:35 +0530):

> Hi
> i get the following

please don't top-post. please no PM.

> [EMAIL PROTECTED] snmp-net]# snmpwalk -c public -v1 -m /etc/squid/mib.txt
> 127.0.0.1:3401
> End of MIB
> [EMAIL PROTECTED] snmp-net]#
>
> what does that means

Please read some docs on snmp or at least snmpwalk's manpage.

snmpwalk -c public -v1 -m /etc/squid/mib.txt 127.0.0.1:3401 system
                                                           /^^
You didn't specify what to look for

> Regards,
> Remy

sl ritch
Re: [squid-users] throughput limitation from cache
> Also sprach Henrik Nordstrom <[EMAIL PROTECTED]> (Sat, 14 Jan 2006
> 00:03:47 +0100 (CET)):
> > What type of cache_dir are you using?

On 14.01 09:25, Richard Mittendorfer wrote:
> 2x diskd
> > Squid version?
> 2.5stable12, Debian's prebuild.

Debian GNU/Linux I guess... why diskd and not aufs then?

> > Why I ask is because diskd is known to be somewhat slow on large cache
>
> Not really large. 2x 1G. It's no storage bottleneck I believe.

I think you could enlarge it a bit...

--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
Re: [squid-users] Difficulty accessing SWG site
At 1137187311s since epoch (01/13/06 10:21:51 -0500 UTC), Mark Elsen wrote:

> > No, I still get the delay (that was Test #3 in my original message).
>
> Checkout, using squid in your standard mode what the site return headers
> are with :
>
> http://web-sniffer.net/

Site returns immediately with:

HTTP Status Code: HTTP/1.1 200 OK
Date: Mon, 16 Jan 2006 13:32:11 GMT
Server: Apache/2.0.55 (Unix) mod_jk/1.2.14
Set-Cookie: LiSESSIONID:swg-0=F66E2965972B33179522039FA98C4121; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control:no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8

For comparison, here are the headers returned when I connect through my transparent proxy (which causes the 30-second delay):

HTTP Status Code: HTTP/1.0 200 OK
Date: Mon, 16 Jan 2006 13:47:50 GMT
Server: Apache/2.0.55 (Unix) mod_jk/1.2.14
Set-Cookie: LiSESSIONID:swg-0=3F69975ACF35B4AD5A1248C0B9790F08; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control:no-cache
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
X-Cache: MISS from proxy.suffieldacademy.org
X-Cache-Lookup: MISS from proxy.suffieldacademy.org:3128
Connection: close

So it doesn't look like there's anything weird in the headers...

Jason

--
Jason Healy
http://www.logn.net/
Re: [squid-users] Weird problem with Freebsd 6.0+Squid 2.5 Stable12+routers
> On Friday 13 January 2006 09:46, Henrik Nordstrom wrote:
> > It is rumored pthreads on FreeBSD 5 should work fine for aufs, but I have
> > not verified this.

On 13.01 18:16, H wrote:
> do not know that either but long time I didn't tried this since diskd is
> giving me an excellent performance

aufs should give better, without need for tuning shmem segments...

> > aufs requires a pthreads implementation using kernel threads, allowing
> > multiple threads to be waiting for disk I/O to complete. It does not
> > work with user level threads where the whole process gets blocked if one
> > thread is blocked by disk I/O.

> that would be than the reason why Edinilson's squid stops working after
> some time when compiling with-pthreads
>
> I tried once with gnu-pthreads and some tweak but the performance wasn't
> good and I had no time so I left pthreads

the problem on FreeBSD 4 was that even if kernel did support threads, libc did not. linuxthreads on FreeBSD 4 did support kernel-space threads, but not posix threads from libc. This problem does not apply to FreeBSD 5

--
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Posli tento mail 100 svojim znamim - nech vidia aky si idiot
Send this email to 100 your friends - let them see what an idiot you are
Re: [squid-users] SNMP
Also sprach "Remy Almeida" <[EMAIL PROTECTED]> (Mon, 16 Jan 2006 18:50:17 +0530):

> Hi All
> Can anyone tell me how to configure snmp for mrtg. i get the
> following
> error.
>
> [EMAIL PROTECTED] mrtg]# cfgmaker --global 'WorkDir: /var/www/html'
> --output mrtg.cfg 127.0.0.1
> --base: Get Device Info on [EMAIL PROTECTED]:
> SNMP Error:
> no response received
> SNMPv1_Session (remote host: "127.0.0.1" [127.0.0.1].161)
> community: "public"
> request ID: -234327977
> PDU bufsize: 8000 bytes
> timeout: 2s
> retries: 5
> backoff: 1)
> at /usr/bin/../lib64/mrtg2/SNMP_util.pm line 570
> SNMPWALK Problem for 1.3.6.1.2.1.1 on [EMAIL PROTECTED]:
> at /usr/bin/cfgmaker line 709
> [EMAIL PROTECTED] mrtg]#

Don't know about mrtg, but Squid's snmp is listening (if configured) on Port 3401. You may have to add this to your query.

$ snmpwalk -c public -v1 -m /usr/share/squid/mib.txt 127.0.0.1:3401

sl ritch
[squid-users] CAS support
Hi

Is it possible to implement CAS in an environment with squid?

http://www.ja-sig.org/wiki/display/CAS/Home

Thanks
Emilio C.
[squid-users] SNMP
Hi All

Can anyone tell me how to configure snmp for mrtg. i get the following error.

[EMAIL PROTECTED] mrtg]# cfgmaker --global 'WorkDir: /var/www/html' --output mrtg.cfg 127.0.0.1
--base: Get Device Info on [EMAIL PROTECTED]:
SNMP Error:
no response received
SNMPv1_Session (remote host: "127.0.0.1" [127.0.0.1].161)
community: "public"
request ID: -234327977
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
at /usr/bin/../lib64/mrtg2/SNMP_util.pm line 570
SNMPWALK Problem for 1.3.6.1.2.1.1 on [EMAIL PROTECTED]:
at /usr/bin/cfgmaker line 709
[EMAIL PROTECTED] mrtg]#

Thanks & Regards,
Remy Almeida
NIO System Admin
Ph Office: +91-0832-2450421
Cell: 9822586093
[squid-users] problem with 2 proxies in same network
hi list,

i have two proxies on the same network/domain (one is a clone of another)
their names are proxy1 and proxy2.
I wanted to update one proxy from version 2.5-STABLE10 to STABLE 12.

After this update the network authentication via ntlm_auth doesn't work anymore.
so i tried to create a domain account for proxy2 again.
But after this proxy1 stopped to authenticate!
I was confused that my change had an influence to proxy1 ???

Please can anybody tell me what went wrong?
'cause after creating old proxy1 domain account again, this correlations went away.

btw: what is the perfect setting for ntlm authentication for about 300 people?

my config script:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp /etc/samba/smb.conf
auth_param ntlm children 20
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 10 minutes
authenticate_ttl 2 minutes
authenticate_ip_ttl 20 seconds

proxy and domain controller are connected via gigabit.

thanks in advance!

cheers,
andrew