[squid-users] Re: negotiate_kerberos_auth - Operation not permitted
If I look at the source, no_suid is only called when chroot is configured, and that works only when you run squid as root. Do you use chroot?

Markus

Подшивалов Антон supp...@murmansk-tisiz.ru wrote in message news:f12fa1c4899e5a792ca5791746dfa...@murmansk-tisiz.ru...

Hello and Happy New Year! Please help with my trouble. I want to use Kerberos authorisation, but a window with an authorization dialog appears in the user's browser, and no users can get past it.

squid.conf:

auth_param negotiate program /usr/local/libexec/squid/negotiate_kerberos_auth -d -s HTTP/proxy.m-tisiz.local@M-TISIZ.LOCAL
auth_param negotiate children 5
auth_param negotiate keep_alive on
external_acl_type ext_kerberos_ldap_group_acl ttl=60 negative_ttl=60 %LOGIN /usr/local/libexec/squid/ext_kerberos_ldap_group_acl -d -g inet_users@ -D m-tisiz.local
acl ldap_group_check external ext_kerberos_ldap_group_acl

In /usr/local/etc/rc.d/squid:

KRB5_KTNAME=/usr/local/etc/squid/HTTP.keytab
export KRB5_KTNAME

proxy# ls -la | grep HTTP.keytab
-rwxrwxrwx 1 squid squid 387 Jan 1 14:14 HTTP.keytab

(this permission is for testing only)

2013/01/02 12:50:47 kid1| Starting Squid Cache version 3.2.4 for i386-portbld-freebsd8.3...
2013/01/02 12:50:47 kid1| Process ID 37309
2013/01/02 12:50:47 kid1| Process Roles: worker
2013/01/02 12:50:47 kid1| With 11095 file descriptors available
2013/01/02 12:50:47 kid1| Initializing IP Cache...
2013/01/02 12:50:47 kid1| DNS Socket created at 0.0.0.0, FD 7
2013/01/02 12:50:47 kid1| Adding domain m-tisiz.local from /etc/resolv.conf
2013/01/02 12:50:47 kid1| Adding nameserver 192.168.100.244 from /etc/resolv.conf
2013/01/02 12:50:47 kid1| Adding nameserver 192.168.100.250 from /etc/resolv.conf
2013/01/02 12:50:47 kid1| helperOpenServers: Starting 0/5 'negotiate_kerberos_auth' processes
2013/01/02 12:50:47 kid1| helperStatefulOpenServers: No 'negotiate_kerberos_auth' processes needed.
2013/01/02 12:50:47 kid1| helperOpenServers: Starting 5/5 'ext_kerberos_ldap_group_acl' processes
2013/01/02 12:50:47 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2013/01/02 12:50:47 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2013/01/02 12:50:47 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2013/01/02 12:50:47 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
kerberos_ldap_group.cc(336): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: INFO: Starting version 1.3.0sq
support_group.cc(367): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: INFO: Group list inet_users@
support_group.cc(425): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: INFO: Group inet_users Domain
support_netbios.cc(62): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: DEBUG: Netbios list NULL
support_netbios.cc(66): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: DEBUG: No netbios names defined.
support_lserver.cc(61): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: DEBUG: ldap server list NULL
support_lserver.cc(65): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: DEBUG: No ldap servers defined.
2013/01/02 12:50:47 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2013/01/02 12:50:47 kid1| Unlinkd pipe opened on FD 23
2013/01/02 12:50:47 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2013/01/02 12:50:47 kid1| Logfile: opening log daemon:/usr/squid/log/store.log
2013/01/02 12:50:47 kid1| Logfile Daemon: opening log /usr/squid/log/store.log
2013/01/02 12:50:47 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2013/01/02 12:50:47 kid1| Swap maxSize 1843200 + 204800 KB, estimated 157538 objects
2013/01/02 12:50:47 kid1| Target number of buckets: 7876
2013/01/02 12:50:47 kid1| Using 8192 Store buckets
2013/01/02 12:50:47 kid1| Max Mem size: 204800 KB
2013/01/02 12:50:47 kid1| Max Swap size: 1843200 KB
2013/01/02 12:50:47 kid1| Rebuilding storage in /usr/squid/ (no log)
2013/01/02 12:50:47 kid1| Using Least Load store dir selection
2013/01/02 12:50:47 kid1| Current Directory is /usr/local/etc/squid
2013/01/02 12:50:47 kid1| Loaded Icons.
2013/01/02 12:50:47.414 kid1| AsyncCall.cc(22) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x293f6830 [call21]
2013/01/02 12:50:47.414 kid1| AsyncCall.cc(89) ScheduleCall: StartListening.cc(54) will call clientListenerConnectionOpened(local=0.0.0.0:3128 remote=[::] FD 27 flags=9, err=0, HTTP Socket port=0x28a16350) [call21]
2013/01/02 12:50:47.414 kid1| HTCP Disabled.
2013/01/02 12:50:47.414 kid1| Squid plugin modules loaded: 0
2013/01/02 12:50:47.414 kid1| AsyncCallQueue.cc(53) fireNext: entering clientListenerConnectionOpened(local=0.0.0.0:3128 remote=[::] FD 27 flags=9, err=0, HTTP Socket port=0x28a16350)
2013/01/02 12:50:47.414 kid1| AsyncCall.cc(34) make: make call clientListenerConnectionOpened [call21]
2013/01/02 12:50:47.414 kid1| Accepting HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 27 flags=9
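Added example, not part of the original thread: a POSIX shell check for the condition visible in the `ls` output of the message above, where the keytab named by KRB5_KTNAME is mode 777. The function name `keytab_audit` and its arguments are hypothetical; it reports a wrong owner and any group or world permission bits on the file.

```shell
#!/bin/sh
# Added example: audit the permissions of a Kerberos keytab file.
# keytab_audit and its arguments are hypothetical names, not part of Squid.

# keytab_audit FILE EXPECTED_UID
# Prints one finding per line; returns 0 when only the owner can access FILE.
keytab_audit() {
    file=$1
    want_uid=$2
    rc=0
    if [ ! -f "$file" ]; then
        echo "MISSING: $file is not a regular file"
        return 1
    fi
    # ls -Lln follows symlinks and prints a symbolic mode and a numeric owner
    # on both BSD and GNU userlands.
    read -r mode links uid rest <<EOF
$(ls -Lln "$file")
EOF
    group_bits=$(printf '%s' "$mode" | cut -c5-7)
    other_bits=$(printf '%s' "$mode" | cut -c8-10)
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER: uid $uid, expected $want_uid"
        rc=1
    fi
    if [ "$group_bits" != "---" ]; then
        echo "GROUP: group has '$group_bits' on $file"
        rc=1
    fi
    if [ "$other_bits" != "---" ]; then
        echo "WORLD: others have '$other_bits' on $file"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $mode uid=$uid"
    return "$rc"
}

# Constructed demo on a temporary file standing in for HTTP.keytab.
demo=$(mktemp)
chmod 777 "$demo"; keytab_audit "$demo" "$(id -u)" || true   # GROUP and WORLD findings
chmod 600 "$demo"; keytab_audit "$demo" "$(id -u)" || true   # OK
rm -f "$demo"
```

Against the file from the post, the call would be `keytab_audit /usr/local/etc/squid/HTTP.keytab "$(id -u squid)"`, assuming the helper runs as the `squid` user shown in the listing.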
Re: [squid-users] Squid3 extremely slow for some website cnn.com
Hey Muhammed,

Since it's not a Squid issue but another network-level thing, I was wondering if you have tried to test something about MSS\MTU? Some ISPs use hardware that can cause these kinds of issues and can make it very difficult to find.

Hope it will help you.

Regards,
Eliezer

On 12/25/2012 2:38 PM, Muhammed Shehata wrote:

Dear Amos,

Are there any ideas that can help me with the JavaScript issue?

Best Regards,
*Muhammad Shehata*
IT Network Security Engineer
TEData
Building A11- B90, Smart Village Km 28 Cairo - Alex Desert Road, 6th October, 12577, Egypt
T: +20 (2) 33 32 0700 | Ext: 1532 F: +20 (2) 33 32 0800 | M: E: m.sheh...@tedata.net

On 12/19/2012 01:02 PM, Amos Jeffries wrote:

On 19/12/2012 7:24 a.m., Muhammad Shehata wrote:

Dear Amos, is there any update?

Hi, I am currently in the process of moving house. So the work I can do on Squid is rather limited for 3-4 weeks. I hope to get to this soon, but cannot promise anything.

Amos
Re: [squid-users] Re: negotiate_kerberos_auth - Operation not permitted
I run squid from rc.local:

squid_enable=YES

Top shows that squid is run by user squid:

proxy# top | grep squid
1394 squid 1 440 23288K 14232K kqread 1 0:00 0.00% squid

(If I kill the squid daemon and start it again as root, top shows the same log)

I do not have a chroot configuration directive in squid.conf. Also, if so, I place HTTP.keytab in /usr/local/etc/squid, where the other config files for squid are (squid.conf, for example).

Markus Moeller wrote on 06.01.2013 20:34:

If I look at the source, no_suid is only called when chroot is configured, and that works only when you run squid as root. Do you use chroot?

Markus

Подшивалов Антон supp...@murmansk-tisiz.ru wrote in message news:f12fa1c4899e5a792ca5791746dfa...@murmansk-tisiz.ru...

Hello and Happy New Year! Please help with my trouble. I want to use Kerberos authorisation, but a window with an authorization dialog appears in the user's browser, and no users can get past it.

squid.conf:

auth_param negotiate program /usr/local/libexec/squid/negotiate_kerberos_auth -d -s HTTP/proxy.m-tisiz.local@M-TISIZ.LOCAL
auth_param negotiate children 5
auth_param negotiate keep_alive on
external_acl_type ext_kerberos_ldap_group_acl ttl=60 negative_ttl=60 %LOGIN /usr/local/libexec/squid/ext_kerberos_ldap_group_acl -d -g inet_users@ -D m-tisiz.local
acl ldap_group_check external ext_kerberos_ldap_group_acl

In /usr/local/etc/rc.d/squid:

KRB5_KTNAME=/usr/local/etc/squid/HTTP.keytab
export KRB5_KTNAME

proxy# ls -la | grep HTTP.keytab
-rwxrwxrwx 1 squid squid 387 Jan 1 14:14 HTTP.keytab

(this permission is for testing only)

2013/01/02 12:50:47 kid1| Starting Squid Cache version 3.2.4 for i386-portbld-freebsd8.3...
2013/01/02 12:50:47 kid1| Process ID 37309
2013/01/02 12:50:47 kid1| Process Roles: worker
2013/01/02 12:50:47 kid1| With 11095 file descriptors available
2013/01/02 12:50:47 kid1| Initializing IP Cache...
2013/01/02 12:50:47 kid1| DNS Socket created at 0.0.0.0, FD 7
2013/01/02 12:50:47 kid1| Adding domain m-tisiz.local from /etc/resolv.conf
2013/01/02 12:50:47 kid1| Adding nameserver 192.168.100.244 from /etc/resolv.conf
2013/01/02 12:50:47 kid1| Adding nameserver 192.168.100.250 from /etc/resolv.conf
2013/01/02 12:50:47 kid1| helperOpenServers: Starting 0/5 'negotiate_kerberos_auth' processes
2013/01/02 12:50:47 kid1| helperStatefulOpenServers: No 'negotiate_kerberos_auth' processes needed.
2013/01/02 12:50:47 kid1| helperOpenServers: Starting 5/5 'ext_kerberos_ldap_group_acl' processes
2013/01/02 12:50:47 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2013/01/02 12:50:47 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2013/01/02 12:50:47 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2013/01/02 12:50:47 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
kerberos_ldap_group.cc(336): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: INFO: Starting version 1.3.0sq
support_group.cc(367): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: INFO: Group list inet_users@
support_group.cc(425): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: INFO: Group inet_users Domain
support_netbios.cc(62): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: DEBUG: Netbios list NULL
support_netbios.cc(66): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: DEBUG: No netbios names defined.
support_lserver.cc(61): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: DEBUG: ldap server list NULL
support_lserver.cc(65): pid=37310 :2013/01/02 12:50:47| kerberos_ldap_group: DEBUG: No ldap servers defined.
2013/01/02 12:50:47 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2013/01/02 12:50:47 kid1| Unlinkd pipe opened on FD 23
2013/01/02 12:50:47 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2013/01/02 12:50:47 kid1| Logfile: opening log daemon:/usr/squid/log/store.log
2013/01/02 12:50:47 kid1| Logfile Daemon: opening log /usr/squid/log/store.log
2013/01/02 12:50:47 kid1| WARNING: no_suid: setuid(0): (1) Operation not permitted
2013/01/02 12:50:47 kid1| Swap maxSize 1843200 + 204800 KB, estimated 157538 objects
2013/01/02 12:50:47 kid1| Target number of buckets: 7876
2013/01/02 12:50:47 kid1| Using 8192 Store buckets
2013/01/02 12:50:47 kid1| Max Mem size: 204800 KB
2013/01/02 12:50:47 kid1| Max Swap size: 1843200 KB
2013/01/02 12:50:47 kid1| Rebuilding storage in /usr/squid/ (no log)
2013/01/02 12:50:47 kid1| Using Least Load store dir selection
2013/01/02 12:50:47 kid1| Current Directory is /usr/local/etc/squid
2013/01/02 12:50:47 kid1| Loaded Icons.
2013/01/02 12:50:47.414 kid1| AsyncCall.cc(22) AsyncCall: The AsyncCall clientListenerConnectionOpened constructed, this=0x293f6830 [call21]
2013/01/02 12:50:47.414 kid1| AsyncCall.cc(89) ScheduleCall: StartListening.cc(54) will call clientListenerConnectionOpened(local=0.0.0.0:3128 remote=[::] FD 27 flags=9, err=0, HTTP Socket port=0x28a16350) [call21]
2013/01/02 12:50:47.414 kid1| HTCP
[squid-users] Compile error on 3.2.5 with Solaris 10 SPARC / SunStudio 12.3
Hi! - I'm trying to compile squid 3.2.5 on Solaris 10 SPARC using SunStudio 12.3, and it produces the following error at the link phase:

CC -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\/usr/local/squid/etc/squid.conf\ -DDEFAULT_SQUID_DATA_DIR=\/usr/local/squid/share\ -DDEFAULT_SQUID_CONFIG_DIR=\/usr/local/squid/etc\ -I.. -I../include -I../lib -I../src -I../include -I../libltdl -I../src -I../libltdl -I/usr/local/include -errwarn=%all,no%badargtype2w,no%wbadinit,no%wbadasg -errtags -D_REENTRANT -lpthread -erroff=wvarhidemem,nullref,identexpected -library=stlport4 -c -o swap_log_op.o swap_log_op.cc

/bin/bash ../libtool --tag=CXX --mode=link CC -errwarn=%all,no%badargtype2w,no%wbadinit,no%wbadasg -errtags -D_REENTRANT -lpthread -erroff=wvarhidemem,nullref,identexpected -library=stlport4 -export-dynamic -dlopen force -g -o squid AclRegs.o AuthReg.o AccessLogEntry.o AsyncEngine.o cache_cf.o CacheDigest.o cache_manager.o carp.o cbdata.o ChunkedCodingParser.o client_db.o client_side.o client_side_reply.o client_side_request.o BodyPipe.o clientStream.o CompletionDispatcher.o ConfigOption.o ConfigParser.o CpuAffinity.o CpuAffinityMap.o CpuAffinitySet.o debug.o delay_pools.o DelayId.o DelayBucket.o DelayConfig.o DelayPool.o DelaySpec.o DelayTagged.o DelayUser.o DelayVector.o NullDelayId.o ClientDelayConfig.o disk.o DiskIO/DiskIOModule.o DiskIO/ReadRequest.o DiskIO/WriteRequest.o dlink.o dns_internal.o DnsLookupDetails.o errorpage.o ETag.o event.o EventLoop.o external_acl.o ExternalACLEntry.o FadingCounter.o fd.o fde.o filemap.o forward.o fqdncache.o ftp.o gopher.o helper.o HelperChildConfig.o htcp.o http.o HttpStatusLine.o HttpHdrCc.o HttpHdrRange.o HttpHdrSc.o HttpHdrScTarget.o HttpHdrContRange.o HttpHeader.o HttpHeaderTools.o HttpBody.o HttpMsg.o HttpParser.o HttpReply.o HttpRequest.o HttpRequestMethod.o icp_v2.o icp_v3.o int.o internal.o ipc.o ipcache.o list.o main.o mem.o mem_node.o MemBuf.o MemObject.o mime.o mime_header.o multicast.o neighbors.o Packer.o Parsing.o pconn.o
peer_digest.o peer_proxy_negotiate_auth.o peer_select.o peer_sourcehash.o peer_userhash.o redirect.o refresh.o RemovalPolicy.o send-announce.o MemBlob.o SquidMath.o SquidNew.o stat.o StatCounters.o StatHist.o String.o stmem.o store.o StoreFileSystem.o store_io.o StoreIOState.o store_client.o store_digest.o store_dir.o store_key_md5.o store_log.o store_rebuild.o store_swapin.o store_swapmeta.o store_swapout.o StoreMeta.o StoreMetaMD5.o StoreMetaSTD.o StoreMetaSTDLFS.o StoreMetaUnpacker.o StoreMetaURL.o StoreMetaVary.o StoreStats.o StoreSwapLogData.o Server.o SwapDir.o MemStore.o time.o tools.o tunnel.o unlinkd.o url.o URLScheme.o urn.o wccp.o wccp2.o whois.o wordlist.o LoadableModule.o LoadableModules.o DiskIO/DiskIOModules_gen.o err_type.o err_detail_type.o globals.o hier_code.o icp_opcode.o lookup_t.o repl_modules.o swap_log_op.o auth/libacls.la ident/libident.la acl/libacls.la eui/libeui.la acl/libstate.la auth/libauth.la libBlocking.a libDiskDaemon.a libDiskThreads.a libMmapped.a acl/libapi.la base/libbase.la libsquid.la ip/libip.la fs/libfs.la ipc/libipc.la mgr/libmgr.la anyp/libanyp.la comm/libcomm.la eui/libeui.la icmp/libicmp.la icmp/libicmp-core.la log/liblog.la format/libformat.la DiskIO/Blocking/BlockingDiskIOModule.o DiskIO/DiskDaemon/DiskDaemonDiskIOModule.o DiskIO/DiskThreads/DiskThreadsDiskIOModule.o DiskIO/Mmapped/MmappedDiskIOModule.o repl/liblru.a -lcrypt -lmd5 ssl/libsslsquid.la ssl/libsslutil.la ../lib/libmisccontainers.la ../lib/libmiscencoding.la ../lib/libmiscutil.la -L/usr/local/lib -lssl -lcrypto-L../compat -lcompat-squid -lm -lsocket -lresolv -lnsl -lrt -L.. 
../libltdl/libltdlc.la libtool: link: rm -f .libs/squid.nm .libs/squid.nmS .libs/squid.nmT libtool: link: (cd .libs cc -xc99 -D_XOPEN_SOURCE=600 -D_XPG6 -c squidS.c) libtool: link: rm -f .libs/squidS.c .libs/squid.nm .libs/squid.nmS .libs/squid.nmT libtool: link: CC -errwarn=%all,no%badargtype2w,no%wbadinit,no%wbadasg -errtags -D_REENTRANT -erroff=wvarhidemem,nullref,identexpected .libs/squidS.o -g -o squid AclRegs.o AuthReg.o AccessLogEntry.o AsyncEngine.o cache_cf.o CacheDigest.o cache_manager.o carp.o cbdata.o ChunkedCodingParser.o client_db.o client_side.o client_side_reply.o client_side_request.o BodyPipe.o clientStream.o CompletionDispatcher.o ConfigOption.o ConfigParser.o CpuAffinity.o CpuAffinityMap.o CpuAffinitySet.o debug.o delay_pools.o DelayId.o DelayBucket.o DelayConfig.o DelayPool.o DelaySpec.o DelayTagged.o DelayUser.o DelayVector.o NullDelayId.o ClientDelayConfig.o disk.o DiskIO/DiskIOModule.o DiskIO/ReadRequest.o DiskIO/WriteRequest.o dlink.o dns_internal.o DnsLookupDetails.o errorpage.o ETag.o event.o EventLoop.o external_acl.o ExternalACLEntry.o FadingCounter.o fd.o fde.o filemap.o forward.o fqdncache.o ftp.o gopher.o helper.o HelperChildConfig.o htcp.o http.o HttpStatusLine.o HttpHdrCc.o HttpHdrRange.o HttpHdrSc.o HttpHdrScTarget.o HttpHdrContRange.o HttpHeader.o HttpHeaderTools.o HttpBody.o HttpMsg.o HttpParser.o HttpReply.o