Re: [squid-users] Problems with Authenticator
> has authenticated himself. If the authentication fails, the authenticator > returns "ERR". It is correct. > > My first try is this dummy-authenticator: > When I use this authenticator, I am prompted for a username and password. > After authenticating with any username and password, the proxy says: > Yes it is asking and working. I have tried this in my Cache server for authentication type and it is working there. > Cache Access Denied. >http://www.google.com/ > It seems your http_access rule is not allowing to access cache there. > auth_param basic program /usr/src/null_auth Are you having the authenticator in this location with executable permission there? Try on command line as, /usr/src/null_auth test test OK OK .. > auth_param basic children 20 > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 1 minutes > acl password proxy_auth REQUIRED > http_access allow password It is correct. > Since I can find the "OK" in my cache.log, I assue that the authenticator > is used by squid. Why does the authencation fail? Are you using any more http_access rules there.? And did you reconfigure your running squid.? after making changes? Try to stop your squid and use, configuration as, auth_param basic program /usr/src/null_auth auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off acl password proxy_auth REQUIRED Go to the starting of # TAG: http_reply_access. # http rule http_access allow auth http_access deny all Try now. Are you okie. Regards Muthukumar. --- === It is a "Virus Free Mail" === Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.777 / Virus Database: 524 - Release Date: 10/14/2004
Re: [squid-users] Problems with Authenticator
>Yes it is asking and working. >I have tried this in my Cache server for authentication type and it is working >there. > >> Cache Access Denied. >>http://www.google.com/ >> > >It seems your http_access rule is not allowing to access cache there. > >> auth_param basic program /usr/src/null_auth > >Are you having the authenticator in this location with executable permission >there? >Try on command line as, >/usr/src/null_auth >test test >OK >OK >.. > On command line, the authenticator works. >> auth_param basic children 20 >> auth_param basic realm Squid proxy-caching web server >> auth_param basic credentialsttl 1 minutes > >> acl password proxy_auth REQUIRED >> http_access allow password > >It is correct. > >> Since I can find the "OK" in my cache.log, I assue that the authenticator >> is used by squid. Why does the authencation fail? > >Are you using any more http_access rules there.? And did you reconfigure >your running squid.? after making changes? I restart squid after changig the configuration. >Try to stop your squid and use, configuration as, > >auth_param basic program /usr/src/null_auth >auth_param basic children 5 >auth_param basic realm Squid proxy-caching web server >auth_param basic credentialsttl 2 hours >auth_param basic casesensitive off > >acl password proxy_auth REQUIRED > >Go to the starting of # TAG: http_reply_access. ># http rule >http_access allow auth >http_access deny all > >Try now. Are you okie. > Now I end up in a timeout. After authenticating myself, the proxy is not fetching the URL. As a test I replaced in authenticator the string "OK" by "ERR". I expect a "Cache access denied" error, I get no error. Regardless of the authenticator one TCP_DENIED/407 is reported in access.log. Squid seems to ignore the return value of the authenticator. I am using this configuration: hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY auth_param basic program /usr/sbin/null_auth auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern . 0 20% 4320 acl password proxy_auth REQUIRED acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow localhost http_access allow password http_access deny all http_access deny !Safe_ports http_reply_access allow all icp_access allow all coredump_dir /var/cache/squid When I am starting squid, I can find no errors in the cache.log: proxy:/tmp # 2004/10/21 10:44:37| Starting Squid Cache version 2.5.STABLE3 for i686-pc-linux-gnu... 2004/10/21 10:44:37| Process ID 6574 2004/10/21 10:44:37| With 4096 file descriptors available 2004/10/21 10:44:37| DNS Socket created at 0.0.0.0, port 32771, FD 5 2004/10/21 10:44:37| Adding nameserver 192.168.12.3 from /etc/resolv.conf 2004/10/21 10:44:37| helperOpenServers: Starting 5 'null_auth' processes 2004/10/21 10:44:37| User-Agent logging is disabled. 2004/10/21 10:44:37| Referer logging is disabled. 2004/10/21 10:44:37| Unlinkd pipe opened on FD 15 2004/10/21 10:44:37| Swap maxSize 102400 KB, estimated 17066 objects 2004/10/21 10:44:37| Target number of buckets: 853 2004/10/21 10:44:37| Using 8192 Store buckets 2004/10/21 10:44:37| Max Mem size: 8192 KB 2004/10/21 10:44:37| Max Swap size: 102400 KB 2004/10/21 10:44:37| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2004/10/21 10:44:37| Rebuilding storage in /var/cache/squid (CLEAN) 2004/10/21 10:44:37| Using Least Load store dir selection 2004/10/21 10:44:37| Set Current Directory to /var/cache/squid 2004/10/21 10:44:37| Loaded Icons. 2004/10/21 10:44:37| Accepting HTTP connections at 0.0.0.0, port 3128, FD 17. 2004/10/21 10:44:37| Accepting ICP messages at 0.0.0.0, port 3130, FD 18. 2004/10/21 10:44:37| HTCP Disabled. 2004/10/21 10:44:37| Accepting SNMP messages on port 3401, FD 19. 2004/10/21 10:44:37| WCCP Disabled. 2004/10/21 10:44:37| Ready to serve requests. 2004/10/21 10:44:37| Done reading /var/cache/squid swaplog (24 entries) 2004/10/21 10:44:37| Finished rebuilding storage from disk. 2004/10/21 10:44:37|24 Entries scanned 2004/10/21 10:44:37| 0 Invalid entries. 2004/10/21 10:44:37| 0 With invalid flags. 2004/10/21 10:44:37|24 Objects loaded. 2004/10/21 10:44:37| 0 Objec
Re: [squid-users] Problems with Authenticator
>Yes it is asking and working. >I have tried this in my Cache server for authentication type and it is working >there. > >> Cache Access Denied. >>http://www.google.com/ >> > >It seems your http_access rule is not allowing to access cache there. > >> auth_param basic program /usr/src/null_auth > >Are you having the authenticator in this location with executable permission >there? >Try on command line as, >/usr/src/null_auth >test test >OK >OK >.. > On command line, the authenticator works. >> auth_param basic children 20 >> auth_param basic realm Squid proxy-caching web server >> auth_param basic credentialsttl 1 minutes > >> acl password proxy_auth REQUIRED >> http_access allow password > >It is correct. > >> Since I can find the "OK" in my cache.log, I assue that the authenticator >> is used by squid. Why does the authencation fail? > >Are you using any more http_access rules there.? And did you reconfigure >your running squid.? after making changes? I restart squid after changig the configuration. >Try to stop your squid and use, configuration as, > >auth_param basic program /usr/src/null_auth >auth_param basic children 5 >auth_param basic realm Squid proxy-caching web server >auth_param basic credentialsttl 2 hours >auth_param basic casesensitive off > >acl password proxy_auth REQUIRED > >Go to the starting of # TAG: http_reply_access. ># http rule >http_access allow auth >http_access deny all > >Try now. Are you okie. > Now I end up in a timeout. After authenticating myself, the proxy is not fetching the URL. As a test I replaced in authenticator the string "OK" by "ERR". I expect a "Cache access denied" error, I get no error. Regardless of the authenticator one TCP_DENIED/407 is reported in access.log. Squid seems to ignore the return value of the authenticator. I am using this configuration: hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY auth_param basic program /usr/sbin/null_auth auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern . 0 20% 4320 acl password proxy_auth REQUIRED acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow localhost http_access allow password http_access deny all http_access deny !Safe_ports http_reply_access allow all icp_access allow all coredump_dir /var/cache/squid When I am starting squid, I can find no errors in the cache.log: proxy:/tmp # 2004/10/21 10:44:37| Starting Squid Cache version 2.5.STABLE3 for i686-pc-linux-gnu... 2004/10/21 10:44:37| Process ID 6574 2004/10/21 10:44:37| With 4096 file descriptors available 2004/10/21 10:44:37| DNS Socket created at 0.0.0.0, port 32771, FD 5 2004/10/21 10:44:37| Adding nameserver 192.168.12.3 from /etc/resolv.conf 2004/10/21 10:44:37| helperOpenServers: Starting 5 'null_auth' processes 2004/10/21 10:44:37| User-Agent logging is disabled. 2004/10/21 10:44:37| Referer logging is disabled. 2004/10/21 10:44:37| Unlinkd pipe opened on FD 15 2004/10/21 10:44:37| Swap maxSize 102400 KB, estimated 17066 objects 2004/10/21 10:44:37| Target number of buckets: 853 2004/10/21 10:44:37| Using 8192 Store buckets 2004/10/21 10:44:37| Max Mem size: 8192 KB 2004/10/21 10:44:37| Max Swap size: 102400 KB 2004/10/21 10:44:37| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2004/10/21 10:44:37| Rebuilding storage in /var/cache/squid (CLEAN) 2004/10/21 10:44:37| Using Least Load store dir selection 2004/10/21 10:44:37| Set Current Directory to /var/cache/squid 2004/10/21 10:44:37| Loaded Icons. 2004/10/21 10:44:37| Accepting HTTP connections at 0.0.0.0, port 3128, FD 17. 2004/10/21 10:44:37| Accepting ICP messages at 0.0.0.0, port 3130, FD 18. 2004/10/21 10:44:37| HTCP Disabled. 2004/10/21 10:44:37| Accepting SNMP messages on port 3401, FD 19. 2004/10/21 10:44:37| WCCP Disabled. 2004/10/21 10:44:37| Ready to serve requests. 2004/10/21 10:44:37| Done reading /var/cache/squid swaplog (24 entries) 2004/10/21 10:44:37| Finished rebuilding storage from disk. 2004/10/21 10:44:37|24 Entries scanned 2004/10/21 10:44:37| 0 Invalid entries. 2004/10/21 10:44:37| 0 With invalid flags. 2004/10/21 10:44:37|24 Objects loaded. 2004/10/21 10:44:37| 0 Objec
Re: [squid-users] Problems with Authenticator
On Thu, 21 Oct 2004, Udo Pokojski wrote: Now I end up in a timeout. After authenticating myself, the proxy is not fetching the URL. Have you distabled buffering of stdout? If not your helper never sends the result back to Squid.. (sits in the libc stdio buffer waiting for your application to write more data to fill the buffer...) In C setbuf(stdout, NULL); anywhere before the main loop. Regards Henrik
Re: [squid-users] Problems with Authenticator Solved
> >>Yes it is asking and working. >>I have tried this in my Cache server for authentication type and it is >working >>there. >> >>> Cache Access Denied. >>>http://www.google.com/ >>> >> >>It seems your http_access rule is not allowing to access cache there. > > >> >>> auth_param basic program /usr/src/null_auth >> >>Are you having the authenticator in this location with executable permission >>there? >>Try on command line as, >>/usr/src/null_auth >>test test >>OK >>OK >>.. >> > >On command line, the authenticator works. > The output of my authenticator seems to be buffered. I changed the source to: #include char buffer[256]; int main() { while (fgets(buffer,256,stdin)!=NULL) { fprintf(stdout,"OK\n"); fflush(stdout); fprintf(stderr,"OK\n"); } } Now it works as expected. Thanks, Udo Pokojski http://www.epost.de - das Kommunikationsportal der Deutschen Post