Re: [squid-users] Newbie question - Can anyone help with denied access
Hi Jonathan, did you set up ACLs in your squid.conf? It seems to me that you don't have the rights to use the proxy. Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994 [EMAIL PROTECTED] dyear.co.zaTo: [EMAIL PROTECTED] cc: Subject: [squid-users] Newbie question - Can anyone help with denied access List, thanks for help in advance. I have read a lot of documents and have setup my Squid 2.5 STABLE1 server according to a detailed document, I did find differences in the location of the Squid binaries and files on my RH9 installation of Squid. The Squid server daemon starts fine when I run the following as root from the bash prompt: squid -N -d 1 -D When I try to access the web page from a standard NT Windows 2000 machine using Internet Explorer 5.0 I get the following error message from my Linux Squid server: ---START Error Message Below --- ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.google.com/ The following error was encountered: Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is root. Generated Mon, 24 Nov 2003 18:06:44 GMT by zaulnx01 (squid/2.5.STABLE1) --- END Error Message Below --- Can any experienced guy point me in the rigfht direction quickly??? All help appreciated. Do I make a change in squid.conf or to actual directory perms?? Thanks Jonathan Hughes Tech Support / Server Admin Goodyear South Africa
[squid-users] Clearing cache on SquidNT?
Hi there, could someone please tell me how to clear the cache of squidNT? Is there a special command to use? Thanks in advance, Tombone Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994
[squid-users] Squid logrotate - Howto??
Hey folkes, I have a question again. I want to set up a logrotation for squid on Redhat 9. I created a file /etc/logrotate.d/squid with the following content: /usr/local/squid/var/logs/access.log { daily rotate 14 copytruncate compress notifempty missingok } /usr/local/squid/var/logs/cache.log { daily rotate 14 copytruncate compress notifempty missingok } /usr/local/squid/var/logs/store.log { daily rotate 14 copytruncate compress notifempty missingok postrotate /usr/local/squid/sbin/squid -k rotate endscript } But the rotation didn't work. I would like the rotation to start daily at midnight. What did I make wrong? Or is there anything else to configure what I forgot? Thanks in advance! Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994
[squid-users] Problem with squid.init!
Hi there, I have a problem with my squid start script in the /etc/init.d/ I use squid-2.5STABLE3 source code on REDHAT 9. I modified a squid script, so that I can start squid by /etc/init.d/squid start and stop with /etc/init.d/squid stop. I want squid to start automatically at the startup of the system. But when I do chkconfig --list | grep squid nothing shows up! Does someone know what the problem can be? Thanks in advance! Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994
Re: [squid-users] Problem with squid.init! [solved]
Thanks a lot! That was what I needed! Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994 Didier ALBENQUE [EMAIL PROTECTED]To: [EMAIL PROTECTED] re.gouv.fr cc: Subject: Re: [squid-users] Problem with squid.init! Le Thu, 13 Nov 2003 11:53:12 -0500, [EMAIL PROTECTED] écrivait : Hi there, Hi, the startup of the system. But when I do chkconfig --list | grep squid nothing shows up! Does someone know what the problem can be? You must specify two lines like this in your init script : # chkconfig: 345 90 25 # description: Squid - Internet Object Cache. Then type : chkconfig --add squid man chkconfig for more details. -- Didier ALBENQUE DAG/DSI/MIVT
[squid-users] Monitoring Linux Squid from NT Client?
Hi folks, is there a possibility for monitoring squid running on linux from a NT client? Has someone any experiences with it? Which tools can you advice? Are there some howtos available? Thanks in advance! Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994
Re: [squid-users] Squid crashes right after start!
Hi there, there are no files in /usr/local/squid/var/logs!! What is the problem? Can someone help? Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994 Henrik Nordstrom [EMAIL PROTECTED]To: [EMAIL PROTECTED] org cc: [EMAIL PROTECTED] Subject: Re: [squid-users] Squid crashes right after start! On Fri, 7 Nov 2003 [EMAIL PROTECTED] wrote: seconds later squid is dead! But it doesn't show any error message. What did I do wrong? Any clues in cache.log and/or your systems messages file? Regards Henrik
RE: [squid-users] Squid crashes right after start!
There is also no file cache.log!! Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994 Adam Aube [EMAIL PROTECTED]To: [EMAIL PROTECTED] endent.net cc: Subject: RE: [squid-users] Squid crashes right after start! finally I got samba 2.2.8a running. But if I gonna start squid now, it crashes after about 10 sec Is there anything in cache.log? Adam
Re: AW: [squid-users] Squid crashes right after start!
Hi Werner, I checked all this. Everything is fine, but squid still crashes 10 sec after start. still no files in /usr/local/squid/var/logs Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994 [EMAIL PROTECTED] mTo: [EMAIL PROTECTED], [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject: AW: [squid-users] Squid crashes right after start! Maybe the squid user has no permission to create cache.log in directory /usr/local/squid/var. try: 1. chmod 777 /usr/local/squid/var 2. start squid 3. ls -l /usr/local/squid/var File cache.log in /usr/local/squid/var? If not: Maybe /usr/local/squid/var is the wrong place. Look in squid.conf for cache_log which defines the place for cache.log. Look für that file. Mit freundlichem Gruß / regards Werner Rost GM-FIR - Netzwerk ZF Boge Elastmetall GmbH Friesdorfer Str. 175 53175 Bonn Tel. +49 228 38 25 - 420 Fax +49 228 38 25 - 398 mailto:[EMAIL PROTECTED] www.zf.com/boge-elastmetall -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Gesendet: Montag, 10. November 2003 16:49 An: Henrik Nordstrom Cc: [EMAIL PROTECTED] Betreff: Re: [squid-users] Squid crashes right after start! Hi there, there are no files in /usr/local/squid/var/logs!! What is the problem? Can someone help? Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994 Henrik Nordstrom [EMAIL PROTECTED]To: [EMAIL PROTECTED] org cc: [EMAIL PROTECTED] Subject: Re: [squid-users] Squid crashes right after start! On Fri, 7 Nov 2003 [EMAIL PROTECTED] wrote: seconds later squid is dead! But it doesn't show any error message. What did I do wrong? Any clues in cache.log and/or your systems messages file? Regards Henrik
Re: [squid-users] Squid crashes right after start!
Ok, I fixed it! It was a permission problem. But now the squid gives all NT users access to the internet. I used in my squid.conf: external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wb_group acl ProxyUsers external NT_global_group Internet2 acl password proxy_auth REQUIRED http_access allow password http_access allow ProxyUsers http_access deny all And in my cache.log everythings fine except: ipcCreate: /usr/local/squid/libexec/: (13) Permission denied ... icmpRecv: recv: (111) Connection refused Any hints, that only authorized users which are in the NT global group Internet2 have access to the Internet? Thanx in advance! Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994 Henrik Nordstrom [EMAIL PROTECTED]To: [EMAIL PROTECTED] org cc: Henrik Nordstrom [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [squid-users] Squid crashes right after start! Anything in your systems messages file? Regards Henrik On Mon, 10 Nov 2003 [EMAIL PROTECTED] wrote: Hi there, there are no files in /usr/local/squid/var/logs!! What is the problem? Can someone help? Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994 Henrik Nordstrom [EMAIL PROTECTED]To: [EMAIL PROTECTED] org cc: [EMAIL PROTECTED] Subject: Re: [squid-users] Squid crashes right after start! On Fri, 7 Nov 2003 [EMAIL PROTECTED] wrote: seconds later squid is dead! But it doesn't show any error message. What did I do wrong? Any clues in cache.log and/or your systems messages file? Regards Henrik
RE: [squid-users] Squid crashes right after start!
Thanks a lot!! That solved the problem!! Now one more question: How can I set up a squid.init in /etc/init.d/? Or can someone send me his? Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994 Adam Aube [EMAIL PROTECTED]To: [EMAIL PROTECTED] endent.net cc: Subject: RE: [squid-users] Squid crashes right after start! Ok, I fixed it! It was a permission problem. But now the squid gives all NT users access to the internet. I used in my squid.conf: external_acl_type NT_global_group %LOGIN /usr/local/squid/libexec/wb_group acl ProxyUsers external NT_global_group Internet2 acl password proxy_auth REQUIRED http_access allow password http_access allow ProxyUsers http_access deny all The password acl is processed by http_access before the ProxyUsers acls, and allows access to any authenticated user before Squid even checks the user's group membership. Remove the password acl (and its corresponding http_access line) and you'll be all set there. And in my cache.log everythings fine except: ipcCreate: /usr/local/squid/libexec/: (13) Permission denied ... icmpRecv: recv: (111) Connection refused This is probably a permissions issue as well - make sure the user Squid runs as has read and execute rights to /usr/local/squid/libexec, all files in this directory, and all parent directories. Adam
[squid-users] Squid crashes right after start!
Hi there, finally I got samba 2.2.8a running. wbinfo -t - secret is good wbinfo -g - shows all groups wbinfo -u - shows all users wbinfo -a - succeeded with both messages! wb_auth -d - returns OK! wb_group -d - returns OK! But if I gonna start squid now, it crashes after about 10 sec (?). I use squid-2.5.Stable3.tar.gz. I configured the squid.conf. I start it /usr/local/squid/sbin/squid start. and if I check with ps -ae | grep squid it shows that squid is running. If I check seconds later squid is dead! But it doesn't show any error message. What did I do wrong? Can someone please help me? Thanks in advance! Regards, Tommy Hansgrohe, Inc. Information Service 1492 Bluegrass Lakes Parkway Alpharetta, GA 30004 phone (+001) 678 - 762 - 6994
RE: [squid-users] -- problem with wb_ntlmauth !
Hi Adam, I have similar problems. 1) I only see the plaintext line. NO challenge respnse line! 2) IE6 6.0.2600.IC 3) it happens all the time Is it okay to write under that topic, or do I have to create a new posting? I have the same probs like Alex. thx tommy Adam Aube [EMAIL PROTECTED]To: [EMAIL PROTECTED] endent.net cc: Subject: RE: [squid-users] -- problem with wb_ntlmauth ! When I open the browser (IE) it asks me for username, password and Domain. 1) When you use the wbinfo -a test, do you see both a plain text and challenge response line? 2) What version of IE (including service pack level) are you using? 3) Does this happen all the time, or some of the time? Adam
[squid-users] Squid error using winbind!
Hi folks, got a bit further with my squid - winbind - nt - seamless login problem, but squid is still showing n error and the prompt is also still showing up. Here are the error messages: [EMAIL PROTECTED] root]# /etc/rc.d/init.d/squid restart Stopping squid: 2003/10/30 10:41:59| Parsing Config File: Unknown authentication scheme 'ntlm'. 2003/10/30 10:41:59| Parsing Config File: Unknown authentication scheme 'ntlm'. 2003/10/30 10:41:59| parseConfigFile: line 1178 unrecognized: 'auth-param ntlm max_challenge_reuses 0' 2003/10/30 10:41:59| Parsing Config File: Unknown authentication scheme 'ntlm'. . [ OK ] Starting squid: . [ OK ] [EMAIL PROTECTED] root]# Here is an extract from my squid.conf: auth_param ntlm program /usr/lib/squid/wb_ntlmauth auth_param ntlm children 5 auth-param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/lib/squid/wb_auth auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours Here are the winbind helpers: [EMAIL PROTECTED] root]# /usr/lib/squid/wb_auth -d /wb_auth[5070](wb_basic_auth.c:168): basic winbindd auth helper build Oct 30 200 3, 08:57:55 starting up... ushgnt\temp1 Password /wb_auth[5070](wb_basic_auth.c:129): Got 'ushgnt\temp1 Password' from squid (length: 21). /wb_auth[5070](wb_basic_auth.c:55): winbindd result: 1 /wb_auth[5070](wb_basic_auth.c:58): sending 'OK' to squid OK [EMAIL PROTECTED] root]# /usr/lib/squid/wb_group -d /wb_group[5073](wb_check_group.c:322): External ACL winbindd group helper build Jun 5 2003, 09:43:16 starting up... temp1 /wb_group[5073](wb_check_group.c:343): Got 'temp1' from Squid (length: 5). /wb_group[5073](wb_check_group.c:237): SID: S-1-5-21-2080928648-758920204-1539857752-513 /wb_group[5073](wb_check_group.c:237): SID: S-1-5-21-2080928648-758920204-1539857752-1174 /wb_group[5073](wb_check_group.c:237): SID: S-1-5-21-2080928648-758920204-1539857752-1007 ERR What did I make wrong? What do the errors mean? Do I have to create a group where I define the authorized internet users that the prompt in IE doesn't show up for valid internet users? temp1 is not a valid internet user, but when the prompt pops up (still pops up for every user) and I enter temp1 and Password, I can log on to the internet. Hope someone can help me. If you need further informations let me know. Thanks Tommy
[squid-users] winbind_privileged folder is missing!
Hi there, I am using Samba 3.0.0 source code, Squid-2.5Stable3 source code and Redhat 9.0. I want to get a seamless login, so that NT users don't have to login to the squid again if they are valid internet users. I wrote about this about week ago. Now I tried to reinstall Linux, Squid and Samba with all the given advices. Now I have got the problem that the folder /var/cache/samba/winbind_privileged is missing so that winbind won't start. What did I wrong? How can I get this folder with the pipe file? Hope that someone can help me. Thanx in advance. Tommy
Re: [squid-users] Seamless authentication for squid linux in a NT Domain using samba and winbind!
Hi, squid crashes a few times a day with no specific reason. I haven't tried to use STABLE 4. There are also different problems with the ntlm_auth so you can logon on even you don't have access when you know how to do it. You can logon without a password as long as the username is valid. There are a few reasons to move squid to linux. But there is the problem with the seamless login I want to solve. Thanks! Regards, Tommy Serassio Guido [EMAIL PROTECTED]To: [EMAIL PROTECTED], [EMAIL PROTECTED] sulting.itcc: Subject: Re: [squid-users] Seamless authentication for squid linux in a NT Domain using samba and winbind! Hi, At 14.00 22/10/2003, [EMAIL PROTECTED] wrote: Hi everybody! I wanna run a squid proxy server on Red Hat 9.0 in an Win NT 4 environment. At the moment squid is running on NT but it sucks and crashes all the time. What is your problem and with what Squid version ? Do you have already tried the latest STABLE 4 build for Windows ? Regards Guido - Guido Serassio Acme Consulting S.r.l. Via Gorizia, 69 10136 - Torino - ITALY Tel. : +39.011.3249426 Fax. : +39.011.3293665 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
[squid-users] Seamless authentication for squid linux in a NT Domain using samba and winbind!
Hi everybody! I wanna run a squid proxy server on Red Hat 9.0 in an Win NT 4 environment. At the moment squid is running on NT but it sucks and crashes all the time. I set squid up on linux and tried the msnt authenticate. It works but I don't want a prompt if you start the internet explorer. So I tried to set up squid with winbind. I tried all the configurations and the hints in all threads I found. http://www.squid-cache.org/Doc/FAQ/FAQ-23.html wbinfo -t responds SUCCESS wbinfo -g shows me all the NT groups wbinfo -u shows me all the NT users wbinfo -a mydomain\myuser%mypasswd SUCCESS but the following command responds always the same error: /usr/local/squid/libexec/wb_auth -d /wb_auth[14615](wb_basic_auth.c:168): basich winbindd auth helper build Oct 21 2003, 09:47:15 starting up... mydomainmyuser mypasswd /wb_auth[14615](wb_basic_auth.c:129): Got 'mydomainmyuser mypasswd' from squid (length: 21). /wb_auth[14615](wb_basic_auth.c:55): winbindd result -1 /wb_auth[14615](wb_basic_auth.c:60): sending 'ERR' to squid ERR I don't know where my problem is hidden. I use Samba 3.0.0 and Squid-2.5-STABLE3. my squid.conf: auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/local/squid/libexec/wb_auth auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours I also use free and denied domains which I can access. But if I want to open google.com or any other page, the prompt shows up. And if I type in my username and password, I can't logon to the Internet. Some users in our company don't have access to the internet. How can I handle it, that the users with internet access can use the internet without typing in their username and password again? I hope you can help me out. I am working on this for a few weeks now. But I can't get the problem solved. Thanks a lot for helping me!!
Re: [squid-users] Problem configuring winbind for squid
Hi, the wb_auth is located in /usr/lib/squid or in /usr/local/squid/libexec/ on my system. but the command you are talking about is not working on my system. Good luck. Tommy Taiwo Akinosho [EMAIL PROTECTED]To: [EMAIL PROTECTED] ank.com.ng cc: Subject: [squid-users] Problem configuring winbind for squid hello, i am trying to configure winbind on my linux to allow ntlm authenticatiom. i followed the article i found on squid faq. on running wbinfo -a domain\\user%password, i get plaintext password authentication succeeded and nothing more. i did not get any challenge/response authentiocation. i also learnt dat i cannot do NTLM without compiling samba with --with-winbind etc. so what can i do with this setup since it can talk to windows domain and it did join successfully. i also can't find anything on squid helper. i had something like # /usr/local/squid/libexec/wb_auth -d in the manual. i can't seem to find a file with the name wb_auth on my system. is this connected with the samba compilation process or do i have a problem with squid? thanks a lot Taiwo. -Original Message- From: Jordan Young [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 22, 2003 2:51 PM To: 'Henrik Nordstrom' Cc: [EMAIL PROTECTED] Subject: RE: [squid-users] Need to set up a one-time redirect, per user, for a client... Are there any redirectors that have database support for something similar to this already available? -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 21, 2003 10:27 PM To: Jordan Young Cc: [EMAIL PROTECTED] Subject: Re: [squid-users] Need to set up a one-time redirect, per user, for a client... On Tue, 21 Oct 2003, Jordan Young wrote: I have a client that needs a hotspot system, and they need it to accept all first URL requests and send them to their web site. After the first request is made, then they want it to open up for outside sources. It is not a pay system, but they just want all customers to see their web site. I know there is some way to do this, whether it be with squid (preferred), or with netfilter. If anybody could please help me, that would be great. Neither Squid or Netfilter have the technology for doing this builtin. Adding technology to Squid for doing this is relatively simple. You will need a redirector helper using a database keeping track of when the user was last seen, and if the user was not active in the last say 60 minutes then redirect him to the selected site (and record in the database that the user is active, as is done for any other request). Regards Henrik **Disclaimer This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify NAL BAnk Plc on [EMAIL PROTECTED] This message contains confidential information and is intended only for the individual named. Dear [EMAIL PROTECTED], our products and services are listed below. Optima: Maxiyield: Frontier Funds: For further details contact [EMAIL PROTECTED] First Bank Right Issues: Please claim your First Bank right issues on or before 25th November at any NAL Bank office nation wide. For further details contact, [EMAIL PROTECTED]
Re: [squid-users] Seamless authentication for squid linux in a NT Domain using samba and winbind!
Hi Hendrik, yes, it does reply success for challenge/response authentication! Don't I have to build squid with the winbind helpers then? thx tommy Henrik Nordstrom [EMAIL PROTECTED]To: [EMAIL PROTECTED] org cc: [EMAIL PROTECTED] Subject: Re: [squid-users] Seamless authentication for squid linux in a NT Domain using samba and winbind! On Wed, 22 Oct 2003 [EMAIL PROTECTED] wrote: Hi everybody! I wanna run a squid proxy server on Red Hat 9.0 in an Win NT 4 environment. At the moment squid is running on NT but it sucks and crashes all the time. I set squid up on linux and tried the msnt authenticate. It works but I don't want a prompt if you start the internet explorer. So I tried to set up squid with winbind. I tried all the configurations and the hints in all threads I found. http://www.squid-cache.org/Doc/FAQ/FAQ-23.html wbinfo -a mydomain\myuser%mypasswd SUCCESS Does it also report success for challenge/response authentication? If not your Samba is not built with support for challenge/response authentication via winbind and NTLM can not work without this (NTLM is challenge/response authentication based). /usr/local/squid/libexec/wb_auth -d I don't know where my problem is hidden. I use Samba 3.0.0 and Squid-2.5-STABLE3. Ah.. again the same question. This must be the 5 time this week. For Samba-3 you MUST use the ntlm_auth helper included in the Samba distribution, not the older helpers shipped with Squid. See the Samba documentation. This single helper supports both basic and ntlm authentication schemes for a number of different programs, Squid included. Regards Henrik