Anybody know if I need to install and configure Kerberos and if I need to
configure LDAP? And anybody know if I need to configure Kerberos and LDAP to
authenticate the users in Active Directory to navigate through the Squid proxy?
Thanks
----- Original Message -----
From: "Alejandro Decchi" <adecchi@sadepan.com.ar>
To: "Henrik Nordstrom" <henrik@henriknordstrom.net>;
<squid-users@squid-cache.org>
Sent: Monday, August 14, 2006 9:37 AM
Subject: Re: [squid-users] Help Error squid !!!
I installed and configured squid_ldap_auth, but when I try to navigate through
Squid, I cannot. I suppose that the problem is in the authentication with
Squid and Active Directory. I hope that someone can help me.
Here is my squid.conf:
http_port 3128
http_port 8080
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_dir ufs /usr/local/squid/var/cache 100 16 256
cache_log /usr/local/squid/var/logs/cache.log
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -P -R -b "dc=sadepan" -D "cn=squid,cn=Users,dc=sadepan" -w zpig#s1 -f "(&(objectClass=user)(cn=%s))" -h 192.168.0.2 -p 3268
auth_param basic children 5
auth_param basic realm Sadepan LatinoAmericana S.A
auth_param basic credentialsttl 5 minutes
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnetwork src "/usr/local/squid/permitidos"
acl ldap-auth proxy_auth REQUIRED
acl password proxy_auth REQUIRED
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow localhost
http_access allow localnetwork password
http_access deny !ldap-auth
http_access deny all
http_reply_access allow all
Here is my access log:
1155101261.248 16 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html
1155101297.337 6 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html
1155104628.563 4 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html
1155104906.827 7 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html
1155104939.595 3 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html
1155105193.137 3 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html
1155105705.485 7 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html
1155359891.071 486 192.168.0.101 TCP_MISS/200 1974 GET
http://www.google.com.ar/ - DIRECT/64.233.187.99 text/html
1155359891.667 361 192.168.0.101 TCP_MISS/200 3021 GET
http://www.google.com.ar/images/hp2.gif - DIRECT/64.233.187.99 image/gif
1155359891.674 580 192.168.0.101 TCP_MISS/200 4596 GET
http://www.google.com.ar/images/hp0.gif - DIRECT/64.233.187.99 image/gif
1155359891.674 365 192.168.0.101 TCP_MISS/200 1729 GET
http://www.google.com.ar/images/hp3.gif - DIRECT/64.233.187.104 image/gif
1155359891.774 471 192.168.0.101 TCP_MISS/200 3272 GET
http://www.google.com.ar/images/hp1.gif - DIRECT/64.233.187.104 image/gif
1155359909.290 1334 192.168.0.101 TCP_MISS/200 26283 GET
http://www.yahoo.com/ - DIRECT/209.73.186.238 text/html
1155359910.699 1407 192.168.0.101 TCP_MISS/200 1678 GET
http://us.i1.yimg.com/us.yimg.com/i/ww/thm/1/search_1.1.png -
DIRECT/207.40.194.54 image/png
1155359910.707 2 192.168.0.101 TCP_MEM_HIT/200 1677 GET
http://us.i1.yimg.com/us.yimg.com/i/ww/thm/1/search_1.1.png - NONE/-
image/png
Here is my cache log:
2006/08/12 04:55:13| Starting Squid Cache version 2.6.STABLE2 for
i586-pc-linux-gnu...
2006/08/12 04:55:13| Process ID 1808
2006/08/12 04:55:13| With 1024 file descriptors available
2006/08/12 04:55:13| Performing DNS Tests...
2006/08/12 04:55:13| Successful DNS name lookup tests...
2006/08/12 04:55:13| DNS Socket created at 0.0.0.0, port 32782, FD 4
2006/08/12 04:55:13| Adding domain sadepan from /etc/resolv.conf
2006/08/12 04:55:13| Adding nameserver 192.168.0.2 from /etc/resolv.conf
2006/08/12 04:55:13| Adding nameserver 200.45.191.35 from /etc/resolv.conf
2006/08/12 04:55:13| Adding nameserver 200.45.191.40 from /etc/resolv.conf
2006/08/12 04:55:13| helperOpenServers: Starting 5 'squid_ldap_auth'
processes
2006/08/12 04:55:18| Unlinkd pipe opened on FD 14
2006/08/12 04:55:18| Swap maxSize 102400 KB, estimated 7876 objects
2006/08/12 04:55:18| Target number of buckets: 393
2006/08/12 04:55:18| Using 8192 Store buckets
2006/08/12 04:55:18| Max Mem size: 8192 KB
2006/08/12 04:55:18| Max Swap size: 102400 KB
2006/08/12 04:55:18| Rebuilding storage in /usr/local/squid/var/cache
(DIRTY)
2006/08/12 04:55:18| Using Least Load store dir selection
2006/08/12 04:55:18| Set Current Directory to /usr/local/squid/var/cache
2006/08/12 04:55:18| Loaded Icons.
2006/08/12 04:55:18| Accepting proxy HTTP connections at 0.0.0.0, port 3128,
FD 16.
2006/08/12 04:55:18| Accepting proxy HTTP connections at 0.0.0.0, port 8080,
FD 17.
2006/08/12 04:55:18| Accepting ICP messages at 0.0.0.0, port 3130, FD 18.
2006/08/12 04:55:18| WCCP Disabled.
2006/08/12 04:55:18| Ready to serve requests.
2006/08/12 04:55:19| Done reading /usr/local/squid/var/cache swaplog (48
entries)
2006/08/12 04:55:19| Finished rebuilding storage from disk.
2006/08/12 04:55:19| 48 Entries scanned
2006/08/12 04:55:19| 0 Invalid entries.
2006/08/12 04:55:19| 0 With invalid flags.
2006/08/12 04:55:19| 48 Objects loaded.
2006/08/12 04:55:19| 0 Objects expired.
2006/08/12 04:55:19| 0 Objects cancelled.
2006/08/12 04:55:19| 0 Duplicate URLs purged.
2006/08/12 04:55:19| 0 Swapfile clashes avoided.
2006/08/12 04:55:19| Took 0.8 seconds ( 57.1 objects/sec).
2006/08/12 04:55:19| Beginning Validation Procedure
2006/08/12 04:55:19| Completed Validation Procedure
2006/08/12 04:55:19| Validated 48 Entries
2006/08/12 04:55:19| store_swap_size = 344k
2006/08/12 04:55:19| storeLateRelease: released 0 objects
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
2006/08/14 02:08:52| Reconfiguring Squid Cache (version 2.6.STABLE2)...
2006/08/14 02:08:52| FD 16 Closing HTTP connection
2006/08/14 02:08:52| FD 17 Closing HTTP connection
2006/08/14 02:08:52| FD 18 Closing ICP connection
2006/08/14 02:08:52| Cache dir '/usr/local/squid/var/cache' size remains
unchanged at 102400 KB
2006/08/14 02:08:52| DNS Socket created at 0.0.0.0, port 32880, FD 6
2006/08/14 02:08:52| Adding domain sadepan from /etc/resolv.conf
2006/08/14 02:08:52| Adding nameserver 192.168.0.2 from /etc/resolv.conf
2006/08/14 02:08:52| Adding nameserver 200.45.191.35 from /etc/resolv.conf
2006/08/14 02:08:52| Adding nameserver 200.45.191.40 from /etc/resolv.conf
2006/08/14 02:08:52| helperOpenServers: Starting 5 'squid_ldap_auth'
processes
2006/08/14 02:08:53| Accepting proxy HTTP connections at 0.0.0.0, port 3128,
FD 13.
2006/08/14 02:08:53| Accepting proxy HTTP connections at 0.0.0.0, port 8080,
FD 15.
2006/08/14 02:08:53| Accepting ICP messages at 0.0.0.0, port 3130, FD 16.
2006/08/14 02:08:53| WCCP Disabled.
2006/08/14 02:08:53| Loaded Icons.
2006/08/14 02:08:53| Ready to serve requests.
2006/08/14 02:09:24| Starting Squid Cache version 2.6.STABLE2 for
i586-pc-linux-gnu...
2006/08/14 02:09:24| Process ID 2552
2006/08/14 02:09:24| With 1024 file descriptors available
2006/08/14 02:09:24| Performing DNS Tests...
2006/08/14 02:09:27| Starting Squid Cache version 2.6.STABLE2 for
i586-pc-linux-gnu...
2006/08/14 02:09:27| Process ID 2556
2006/08/14 02:09:27| With 1024 file descriptors available
2006/08/14 02:09:27| Performing DNS Tests...
2006/08/14 02:09:24| Successful DNS name lookup tests...
2006/08/14 02:09:24| DNS Socket created at 0.0.0.0, port 32882, FD 4
2006/08/14 02:09:24| Adding domain sadepan from /etc/resolv.conf
2006/08/14 02:09:24| Adding nameserver 192.168.0.2 from /etc/resolv.conf
2006/08/14 02:09:24| Adding nameserver 200.45.191.35 from /etc/resolv.conf
2006/08/14 02:09:24| Adding nameserver 200.45.191.40 from /etc/resolv.conf
2006/08/14 02:09:24| helperOpenServers: Starting 5 'squid_ldap_auth'
processes
2006/08/14 02:09:29| Unlinkd pipe opened on FD 14
2006/08/14 02:09:29| Swap maxSize 102400 KB, estimated 7876 objects
2006/08/14 02:09:29| Target number of buckets: 393
2006/08/14 02:09:29| Using 8192 Store buckets
2006/08/14 02:09:29| Max Mem size: 8192 KB
2006/08/14 02:09:29| Max Swap size: 102400 KB
2006/08/14 02:09:29| Rebuilding storage in /usr/local/squid/var/cache
(DIRTY)
2006/08/14 02:09:29| Using Least Load store dir selection
2006/08/14 02:09:29| Set Current Directory to /usr/local/squid/var/cache
2006/08/14 02:09:29| Loaded Icons.
2006/08/14 02:09:29| Accepting proxy HTTP connections at 0.0.0.0, port 3128,
FD 16.
2006/08/14 02:09:29| Accepting proxy HTTP connections at 0.0.0.0, port 8080,
FD 17.
2006/08/14 02:09:29| Accepting ICP messages at 0.0.0.0, port 3130, FD 18.
2006/08/14 02:09:29| WCCP Disabled.
2006/08/14 02:09:29| Ready to serve requests.
2006/08/14 02:09:30| Done reading /usr/local/squid/var/cache swaplog (48
entries)
2006/08/14 02:09:30| Finished rebuilding storage from disk.
2006/08/14 02:09:30| 48 Entries scanned
2006/08/14 02:09:30| 0 Invalid entries.
2006/08/14 02:09:30| 0 With invalid flags.
2006/08/14 02:09:30| 48 Objects loaded.
2006/08/14 02:09:30| 0 Objects expired.
2006/08/14 02:09:30| 0 Objects cancelled.
2006/08/14 02:09:30| 0 Duplicate URLs purged.
2006/08/14 02:09:30| 0 Swapfile clashes avoided.
2006/08/14 02:09:30| Took 0.4 seconds ( 109.8 objects/sec).
2006/08/14 02:09:30| Beginning Validation Procedure
2006/08/14 02:09:30| Completed Validation Procedure
2006/08/14 02:09:30| Validated 48 Entries
2006/08/14 02:09:30| store_swap_size = 344k
2006/08/14 02:09:31| storeLateRelease: released 0 objects
2006/08/14 02:09:27| Successful DNS name lookup tests...
2006/08/14 02:09:27| DNS Socket created at 0.0.0.0, port 32883, FD 4
2006/08/14 02:09:27| Adding domain sadepan from /etc/resolv.conf
2006/08/14 02:09:27| Adding nameserver 192.168.0.2 from /etc/resolv.conf
2006/08/14 02:09:27| Adding nameserver 200.45.191.35 from /etc/resolv.conf
2006/08/14 02:09:27| Adding nameserver 200.45.191.40 from /etc/resolv.conf
2006/08/14 02:09:27| helperOpenServers: Starting 5 'squid_ldap_auth'
processes
2006/08/14 02:09:32| Unlinkd pipe opened on FD 14
2006/08/14 02:09:32| Swap maxSize 102400 KB, estimated 7876 objects
2006/08/14 02:09:32| Target number of buckets: 393
2006/08/14 02:09:32| Using 8192 Store buckets
2006/08/14 02:09:32| Max Mem size: 8192 KB
2006/08/14 02:09:32| Max Swap size: 102400 KB
2006/08/14 02:09:32| Rebuilding storage in /usr/local/squid/var/cache
(DIRTY)
2006/08/14 02:09:32| Using Least Load store dir selection
2006/08/14 02:09:32| Set Current Directory to /usr/local/squid/var/cache
2006/08/14 02:09:32| Loaded Icons.
2006/08/14 02:09:32| commBind: Cannot bind socket FD 16 to *:3128: (98)
Address already in use
2006/08/14 02:09:32| commBind: Cannot bind socket FD 16 to *:8080: (98)
Address already in use
FATAL: Cannot open HTTP Port
Squid Cache (Version 2.6.STABLE2): Terminated abnormally.
CPU Usage: 0.230 seconds = 0.130 user + 0.100 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 396
Memory usage for squid via mallinfo():
total space in arena: 2113 KB
Ordinary blocks: 2049 KB 2 blks
Small blocks: 0 KB 1 blks
Holding blocks: 208 KB 1 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 63 KB
Total in use: 2257 KB 107%
Total free: 63 KB 3%
----- Original Message -----
From: "Henrik Nordstrom" <henrik@henriknordstrom.net>
To: "Alejandro Decchi" <adecchi@sadepan.com.ar>
Cc: <squid-users@squid-cache.org>
Sent: Saturday, August 12, 2006 3:47 PM
Subject: Re: [squid-users] Help Error squid !!!
Received on Mon Aug 14 2006 - 13:57:31 MDT
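
An added triage example, not part of the original post or of Squid: it reads log lines like those above and separates the three signals they contain. squid_ldap_auth prints the "could not bind to binddn" warning when its own search bind (the -D/-w account) is rejected, which happens before any user lookup; the function names here are assumptions made for this example.

```python
import re
from collections import Counter

# Lines copied from the logs in the post above, mail line-wrapping undone.
CACHE_LOG = """\
2006/08/12 04:55:13| helperOpenServers: Starting 5 'squid_ldap_auth' processes
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
2006/08/14 02:09:32| commBind: Cannot bind socket FD 16 to *:3128: (98) Address already in use
FATAL: Cannot open HTTP Port
"""
ACCESS_LOG = """\
1155101261.248 16 192.168.0.145 TCP_DENIED/407 1717 GET http://www.microsoft.com/spanish/msn - NONE/- text/html
1155101297.337 6 192.168.0.145 TCP_DENIED/407 1717 GET http://www.microsoft.com/spanish/msn - NONE/- text/html
1155359891.071 486 192.168.0.101 TCP_MISS/200 1974 GET http://www.google.com.ar/ - DIRECT/64.233.187.99 text/html
"""
BINDDN_FAIL = re.compile(r"squid_ldap_auth: WARNING, could not bind to binddn '([^']*)'")
PORT_BUSY = re.compile(r"commBind: Cannot bind socket FD \d+ to (\S+): \(98\)")

def triage_cache_log(text):
    """Count helper search-bind failures (by LDAP reason) and busy listen ports."""
    return {"binddn_failures": dict(Counter(BINDDN_FAIL.findall(text))),
            "ports_in_use": PORT_BUSY.findall(text)}

def denied_407(text):
    """Per-client count of 407 responses logged without a username."""
    hits = Counter()
    for line in text.splitlines():
        f = line.split()  # native format: time ms client code/status bytes method URL user ...
        if len(f) >= 10 and f[3].endswith("/407") and f[7] == "-":
            hits[f[2]] += 1
    return dict(hits)

def diagnose(cache_text, access_text):
    """Turn the raw counts into short findings, most fundamental first."""
    cache, denied = triage_cache_log(cache_text), denied_407(access_text)
    findings = []
    if cache["binddn_failures"]:
        # The -D/-w account was rejected, so no user can be looked up at all.
        findings.append("helper search bind rejected: check -D bind DN and -w password")
    if cache["binddn_failures"] and denied:
        # A single 407 is the normal challenge; repeats alongside bind failures are not.
        findings.append("clients stuck at 407: %s" % ", ".join(sorted(denied)))
    if cache["ports_in_use"]:
        findings.append("listen port already in use: %s" % ", ".join(cache["ports_in_use"]))
    return findings

if __name__ == "__main__":
    for finding in diagnose(CACHE_LOG, ACCESS_LOG):
        print(finding)
```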