RE: [squid-users] ipcCreate error:
Hi Henrik, I created another setup but now again i am facing the ipccreate issue although i have copied the squid_kerb_auth from my compilation to /usr/libexec/squid by cp -r command and also i have pointed in squid.conf as auth_param negotiate program /usr/libexec/squid/squid_kerb_auth what could be the issue now? please help will be thankful. regards, Bilal From: hen...@henriknordstrom.net To: gi...@msn.com CC: squid-users@squid-cache.org Date: Wed, 14 Apr 2010 09:34:28 +0200 Subject: RE: [squid-users] ipcCreate error: ons 2010-04-14 klockan 04:47 + skrev GIGO .: Hi Henrik, Thank you this problem is resolved by placing the squid_kerb_auth in the libexec folder. Now i beleive that i also have to place any other helpers like squid_ldap_group in the same location to get it to work. Yes. if you have selinux enabled on the host then the security policy for squid restricts it to execute helpers in /usr/libexec/squid/ only. Which is a good thing in terms of security. Regards Henrik _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969
RE: [squid-users] ipcCreate error:
ons 2010-04-14 klockan 04:47 + skrev GIGO .: Hi Henrik, Thank you this problem is resolved by placing the squid_kerb_auth in the libexec folder. Now i beleive that i also have to place any other helpers like squid_ldap_group in the same location to get it to work. Yes. if you have selinux enabled on the host then the security policy for squid restricts it to execute helpers in /usr/libexec/squid/ only. Which is a good thing in terms of security. Regards Henrik
RE: [squid-users] ipcCreate error:
Hi Henrik, Thank you this problem is resolved by placing the squid_kerb_auth in the libexec folder. Now i beleive that i also have to place any other helpers like squid_ldap_group in the same location to get it to work. regards, Bilal From: hen...@henriknordstrom.net To: gi...@msn.com CC: squid-users@squid-cache.org Date: Sat, 10 Apr 2010 19:44:31 +0200 Subject: Re: [squid-users] ipcCreate error: lör 2010-04-10 klockan 09:23 + skrev GIGO .: I have created a user proxy in Centos from which i am running my squid successfully with all the rights properly configured until i change my configuration file for Negotiate/Kerboros. Do you have selinux enabled? Try moving the helper to /usr/libexec/squid/ instead of /usr/sbin/... Now i have no idea how to use scripts from within squid.conf. And at which place should i place this script in the squid.conf in relation to the following? Instead of the normal program. auth_param negotiate program /usr/sbin/squid_kerb_auth Regards Henrik _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969
Re: [squid-users] ipcCreate error:
GIGO . wrote: I have created a user proxy in Centos from which i am running my squid successfully with all the rights properly configured until i change my configuration file for Negotiate/Kerboros. I am receiving the following error when trying to start squid: 2010/04/09 05:06:12| helperOpenServers: Starting 10/10 'squid_kerb_auth' processes 2010/04/09 05:06:12| ipcCreate: /usr/sbin/squid_kerb_auth: (13) Permission denied 2010/04/09 05:06:12| ipcCreate: /usr/sbin/squid_kerb_auth: (13) Permission denied The new helper binary needs a minimum of read and execute permission for the Squid user to run it. Any resources and files the helper requires also need permissions for the Squid user to access them. For trouble shooting I have just installed Strace and created a script as per Markus recommendations. --- #/bin/sh strace -f -F -o /tmp/strace.out.$$ squid_kerb_auth $* -- Now i have no idea how to use scripts from within squid.conf. And at which place should i place this script in the squid.conf in relation to the following? auth_param negotiate program /usr/sbin/squid_kerb_auth Assuming your script is at the path /test/script that would become: auth_param negotiate program /test/script /usr/sbin/squid_kerb_auth Or you could just do this (one line, mind the wrap): auth_param negotiate program /usr/bin/strace -f -F -o /tmp/strace.out /usr/sbin/squid_kerb_auth Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.1
Re: [squid-users] ipcCreate error:
lör 2010-04-10 klockan 09:23 + skrev GIGO .: I have created a user proxy in Centos from which i am running my squid successfully with all the rights properly configured until i change my configuration file for Negotiate/Kerboros. Do you have selinux enabled? Try moving the helper to /usr/libexec/squid/ instead of /usr/sbin/... Now i have no idea how to use scripts from within squid.conf. And at which place should i place this script in the squid.conf in relation to the following? Instead of the normal program. auth_param negotiate program /usr/sbin/squid_kerb_auth Regards Henrik
