Hi,
Hope somebody can point me in the right direction getting squid to
authenticate users. I've installed squid and the getpwnam_auth module. Users
can browse the net quite happily, but never get a prompt to authenticate to
squid.
Our cahe is using our ISP's proxy as a parent, but their proxy doesn't
require authentication to use it - could the problem be due to that perhaps?
I'm using squid 2.4 stable7 on FreeBSD.
Here is my squid.conf:
http_port 8080
icp_port 0
tcp_outgoing_address 0.0.0.0
udp_incoming_address 0.0.0.0
udp_outgoing_address 0.0.0.0
cache_peer proxy.webzone.net.au parent 8080 0 no-query default
cache_mem 16 MB
cache_dir ufs /usr/local/squid/cache 4096 32 512
acl ALL dst 0.0.0.0/0.0.0.0
acl LOCAL dst 192.168.0.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
authenticate_program /usr/local/sbin/getpwnam_auth
/usr/local/etc/squid/squidpasswd
never_direct deny LOCAL
never_direct allow ALL
acl ALLSRC src 0.0.0.0/0.0.0.0
acl LOCALSRC src 192.168.0.0/255.255.255.0
acl WEBSVR src 192.168.0.2/255.255.255.255
acl HOSTSRC src 127.0.0.1/255.255.255.255
acl AUTHLOGIN proxy_auth REQUIRED
http_access allow LOCALSRC
http_access allow HOSTSRC
http_access deny !Safe_ports
acl manager proto cache_object
http_access allow manager WEBSVR
http_access allow manager HOSTSRC
http_access deny manager
cachemgr_passwd xxxxxx shutdown config
cachemgr_passwd manager info stats/objects client_list
emulate_httpd_log on
proxy_auth_realm Squid proxy server
http_access allow AUTHLOGIN
http_access deny ALLSRC
Here is a short extract from cachelog when I restarted the cache:
2002/09/22 16:06:53| Starting Squid Cache version 2.4.STABLE7 for
i386--freebsd4.3...
2002/09/22 16:06:53| Process ID 40176
2002/09/22 16:06:53| With 1064 file descriptors available
2002/09/22 16:06:53| Performing DNS Tests...
2002/09/22 16:06:53| Successful DNS name lookup tests...
2002/09/22 16:06:53| DNS Socket created on FD 5
2002/09/22 16:06:53| Adding nameserver 210.8.36.2 from /etc/resolv.conf
2002/09/22 16:06:53| Adding nameserver 203.57.204.2 from /etc/resolv.conf
2002/09/22 16:06:53| helperOpenServers: Starting 5 'getpwnam_auth' processes
2002/09/22 16:06:53| Unlinkd pipe opened on FD 15
2002/09/22 16:06:53| Swap maxSize 4194304 KB, estimated 322638 objects
2002/09/22 16:06:53| Target number of buckets: 16131
2002/09/22 16:06:53| Using 16384 Store buckets
2002/09/22 16:06:53| Max Mem size: 16384 KB
2002/09/22 16:06:53| Max Swap size: 4194304 KB
2002/09/22 16:06:53| Rebuilding storage in /usr/local/squid/cache (CLEAN)
2002/09/22 16:06:53| Using Least Load store dir selection
2002/09/22 16:06:53| Set Current Directory to /usr/local/squid/cache
2002/09/22 16:06:53| Loaded Icons.
2002/09/22 16:06:53| Accepting HTTP connections at 0.0.0.0, port 8080, FD 17.
2002/09/22 16:06:53| WCCP Disabled.
2002/09/22 16:06:53| Ready to serve requests.
2002/09/22 16:06:54| Store rebuilding is 3.4% complete
2002/09/22 16:06:56| Done reading /usr/local/squid/cache swaplog (118875
entries)
2002/09/22 16:06:56| Finished rebuilding storage from disk.
2002/09/22 16:06:56| 118875 Entries scanned
2002/09/22 16:06:56| 0 Invalid entries.
2002/09/22 16:06:56| 0 With invalid flags.
2002/09/22 16:06:56| 118875 Objects loaded.
2002/09/22 16:06:56| 0 Objects expired.
2002/09/22 16:06:56| 0 Objects cancelled.
2002/09/22 16:06:56| 0 Duplicate URLs purged.
2002/09/22 16:06:56| 0 Swapfile clashes avoided.
2002/09/22 16:06:56| Took 3.3 seconds (35488.0 objects/sec).
2002/09/22 16:06:56| Beginning Validation Procedure
2002/09/22 16:06:56| Completed Validation Procedure
2002/09/22 16:06:56| Validated 118875 Entries
2002/09/22 16:06:56| store_swap_size = 1978946k
2002/09/22 16:06:57| storeLateRelease: released 0 objects
2002/09/22 16:08:22| WARNING: 'ALL' ACL is used but there is no HTTP request
-- access denied. 2002/09/22 16:08:24| WARNING: 'ALL' ACL is used but there is no HTTP request -- access denied. 2002/09/22 16:08:24| WARNING: 'ALL' ACL is used but there is no HTTP request -- access denied. 2002/09/22 16:08:24| WARNING: 'ALL' ACL is used but there is no HTTP request -- access denied. 2002/09/22 16:08:26| WARNING: 'ALL' ACL is used but there is no HTTP request -- access denied. I don't what the warnings are about, they keep appearing, but that doesn't seem to affect access to the net. Cheers, IanReceived on Sun Sep 22 2002 - 01:10:10 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:22 MST