Re: [squid-users] Help Error squid !!!

From: Alejandro Decchi <adecchi@dont-contact.us>
Date: Mon, 14 Aug 2006 16:50:19 -0300

Anybody know if i need to install and configure Kerberos and if i need to
confiure ldap. And anybody know if i need to configure kerberos and ldap to
authenticate the users in active directory to navagate throw squid proxy

Thz

----- Original Message -----
From: "Alejandro Decchi" <adecchi@sadepan.com.ar>
To: "Henrik Nordstrom" <henrik@henriknordstrom.net>;
<squid-users@squid-cache.org>
Sent: Monday, August 14, 2006 9:37 AM
Subject: Re: [squid-users] Help Error squid !!!

I installed and configures squid_ldap_auth ,but when I try to navegate throw
squid, i can not.I supouse that the problem is in the authenticate with
squid and active directory. I hope that someone can help me.

Here is my squid.conf :

http_port 3128

http_port 8080

acl QUERY urlpath_regex cgi-bin \?

cache deny QUERY

cache_dir ufs /usr/local/squid/var/cache 100 16 256

cache_log /usr/local/squid/var/logs/cache.log

auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -P -R -b
"dc=sadepan" -D "cn=squid,cn=Users,dc=sadepan" -w zpig#s1 -f
"(&(objectClass=user)(cn=%s))" -h 192.168.0.2 -p 3268

auth_param basic children 5

auth_param basic realm Sadepan LatinoAmericana S.A

auth_param basic credentialsttl 5 minutes

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl localnetwork src "/usr/local/squid/permitidos"

acl ldap-auth proxy_auth REQUIRED

acl password proxy_auth REQUIRED

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 563

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 563 # https, snews

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

http_access allow manager localhost

http_access deny manager

# Deny requests to unknown ports

http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

http_access allow localhost

http_access allow localnetwork password

http_access deny !ldap-auth

http_access deny all

http_reply_access allow all

Here is my access log:

1155101261.248 16 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html

1155101297.337 6 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html

1155104628.563 4 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html

1155104906.827 7 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html

1155104939.595 3 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html

1155105193.137 3 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html

1155105705.485 7 192.168.0.145 TCP_DENIED/407 1717 GET
http://www.microsoft.com/spanish/msn - NONE/- text/html

1155359891.071 486 192.168.0.101 TCP_MISS/200 1974 GET
http://www.google.com.ar/ - DIRECT/64.233.187.99 text/html

1155359891.667 361 192.168.0.101 TCP_MISS/200 3021 GET
http://www.google.com.ar/images/hp2.gif - DIRECT/64.233.187.99 image/gif

1155359891.674 580 192.168.0.101 TCP_MISS/200 4596 GET
http://www.google.com.ar/images/hp0.gif - DIRECT/64.233.187.99 image/gif

1155359891.674 365 192.168.0.101 TCP_MISS/200 1729 GET
http://www.google.com.ar/images/hp3.gif - DIRECT/64.233.187.104 image/gif

1155359891.774 471 192.168.0.101 TCP_MISS/200 3272 GET
http://www.google.com.ar/images/hp1.gif - DIRECT/64.233.187.104 image/gif

1155359909.290 1334 192.168.0.101 TCP_MISS/200 26283 GET
http://www.yahoo.com/ - DIRECT/209.73.186.238 text/html

1155359910.699 1407 192.168.0.101 TCP_MISS/200 1678 GET
http://us.i1.yimg.com/us.yimg.com/i/ww/thm/1/search_1.1.png -
DIRECT/207.40.194.54 image/png

1155359910.707 2 192.168.0.101 TCP_MEM_HIT/200 1677 GET
http://us.i1.yimg.com/us.yimg.com/i/ww/thm/1/search_1.1.png - NONE/-
image/png

Here is my cache log:

2006/08/12 04:55:13| Starting Squid Cache version 2.6.STABLE2 for
i586-pc-linux-gnu...

2006/08/12 04:55:13| Process ID 1808

2006/08/12 04:55:13| With 1024 file descriptors available

2006/08/12 04:55:13| Performing DNS Tests...

2006/08/12 04:55:13| Successful DNS name lookup tests...

2006/08/12 04:55:13| DNS Socket created at 0.0.0.0, port 32782, FD 4

2006/08/12 04:55:13| Adding domain sadepan from /etc/resolv.conf

2006/08/12 04:55:13| Adding nameserver 192.168.0.2 from /etc/resolv.conf

2006/08/12 04:55:13| Adding nameserver 200.45.191.35 from /etc/resolv.conf

2006/08/12 04:55:13| Adding nameserver 200.45.191.40 from /etc/resolv.conf

2006/08/12 04:55:13| helperOpenServers: Starting 5 'squid_ldap_auth'
processes

2006/08/12 04:55:18| Unlinkd pipe opened on FD 14

2006/08/12 04:55:18| Swap maxSize 102400 KB, estimated 7876 objects

2006/08/12 04:55:18| Target number of buckets: 393

2006/08/12 04:55:18| Using 8192 Store buckets

2006/08/12 04:55:18| Max Mem size: 8192 KB

2006/08/12 04:55:18| Max Swap size: 102400 KB

2006/08/12 04:55:18| Rebuilding storage in /usr/local/squid/var/cache
(DIRTY)

2006/08/12 04:55:18| Using Least Load store dir selection

2006/08/12 04:55:18| Set Current Directory to /usr/local/squid/var/cache

2006/08/12 04:55:18| Loaded Icons.

2006/08/12 04:55:18| Accepting proxy HTTP connections at 0.0.0.0, port 3128,
FD 16.

2006/08/12 04:55:18| Accepting proxy HTTP connections at 0.0.0.0, port 8080,
FD 17.

2006/08/12 04:55:18| Accepting ICP messages at 0.0.0.0, port 3130, FD 18.

2006/08/12 04:55:18| WCCP Disabled.

2006/08/12 04:55:18| Ready to serve requests.

2006/08/12 04:55:19| Done reading /usr/local/squid/var/cache swaplog (48
entries)

2006/08/12 04:55:19| Finished rebuilding storage from disk.

2006/08/12 04:55:19| 48 Entries scanned

2006/08/12 04:55:19| 0 Invalid entries.

2006/08/12 04:55:19| 0 With invalid flags.

2006/08/12 04:55:19| 48 Objects loaded.

2006/08/12 04:55:19| 0 Objects expired.

2006/08/12 04:55:19| 0 Objects cancelled.

2006/08/12 04:55:19| 0 Duplicate URLs purged.

2006/08/12 04:55:19| 0 Swapfile clashes avoided.

2006/08/12 04:55:19| Took 0.8 seconds ( 57.1 objects/sec).

2006/08/12 04:55:19| Beginning Validation Procedure

2006/08/12 04:55:19| Completed Validation Procedure

2006/08/12 04:55:19| Validated 48 Entries

2006/08/12 04:55:19| store_swap_size = 344k

2006/08/12 04:55:19| storeLateRelease: released 0 objects

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'

2006/08/14 02:08:52| Reconfiguring Squid Cache (version 2.6.STABLE2)...

2006/08/14 02:08:52| FD 16 Closing HTTP connection

2006/08/14 02:08:52| FD 17 Closing HTTP connection

2006/08/14 02:08:52| FD 18 Closing ICP connection

2006/08/14 02:08:52| Cache dir '/usr/local/squid/var/cache' size remains
unchanged at 102400 KB

2006/08/14 02:08:52| DNS Socket created at 0.0.0.0, port 32880, FD 6

2006/08/14 02:08:52| Adding domain sadepan from /etc/resolv.conf

2006/08/14 02:08:52| Adding nameserver 192.168.0.2 from /etc/resolv.conf

2006/08/14 02:08:52| Adding nameserver 200.45.191.35 from /etc/resolv.conf

2006/08/14 02:08:52| Adding nameserver 200.45.191.40 from /etc/resolv.conf

2006/08/14 02:08:52| helperOpenServers: Starting 5 'squid_ldap_auth'
processes

2006/08/14 02:08:53| Accepting proxy HTTP connections at 0.0.0.0, port 3128,
FD 13.

2006/08/14 02:08:53| Accepting proxy HTTP connections at 0.0.0.0, port 8080,
FD 15.

2006/08/14 02:08:53| Accepting ICP messages at 0.0.0.0, port 3130, FD 16.

2006/08/14 02:08:53| WCCP Disabled.

2006/08/14 02:08:53| Loaded Icons.

2006/08/14 02:08:53| Ready to serve requests.

2006/08/14 02:09:24| Starting Squid Cache version 2.6.STABLE2 for
i586-pc-linux-gnu...

2006/08/14 02:09:24| Process ID 2552

2006/08/14 02:09:24| With 1024 file descriptors available

2006/08/14 02:09:24| Performing DNS Tests...

2006/08/14 02:09:27| Starting Squid Cache version 2.6.STABLE2 for
i586-pc-linux-gnu...

2006/08/14 02:09:27| Process ID 2556

2006/08/14 02:09:27| With 1024 file descriptors available

2006/08/14 02:09:27| Performing DNS Tests...

2006/08/14 02:09:24| Successful DNS name lookup tests...

2006/08/14 02:09:24| DNS Socket created at 0.0.0.0, port 32882, FD 4

2006/08/14 02:09:24| Adding domain sadepan from /etc/resolv.conf

2006/08/14 02:09:24| Adding nameserver 192.168.0.2 from /etc/resolv.conf

2006/08/14 02:09:24| Adding nameserver 200.45.191.35 from /etc/resolv.conf

2006/08/14 02:09:24| Adding nameserver 200.45.191.40 from /etc/resolv.conf

2006/08/14 02:09:24| helperOpenServers: Starting 5 'squid_ldap_auth'
processes

2006/08/14 02:09:29| Unlinkd pipe opened on FD 14

2006/08/14 02:09:29| Swap maxSize 102400 KB, estimated 7876 objects

2006/08/14 02:09:29| Target number of buckets: 393

2006/08/14 02:09:29| Using 8192 Store buckets

2006/08/14 02:09:29| Max Mem size: 8192 KB

2006/08/14 02:09:29| Max Swap size: 102400 KB

2006/08/14 02:09:29| Rebuilding storage in /usr/local/squid/var/cache
(DIRTY)

2006/08/14 02:09:29| Using Least Load store dir selection

2006/08/14 02:09:29| Set Current Directory to /usr/local/squid/var/cache

2006/08/14 02:09:29| Loaded Icons.

2006/08/14 02:09:29| Accepting proxy HTTP connections at 0.0.0.0, port 3128,
FD 16.

2006/08/14 02:09:29| Accepting proxy HTTP connections at 0.0.0.0, port 8080,
FD 17.

2006/08/14 02:09:29| Accepting ICP messages at 0.0.0.0, port 3130, FD 18.

2006/08/14 02:09:29| WCCP Disabled.

2006/08/14 02:09:29| Ready to serve requests.

2006/08/14 02:09:30| Done reading /usr/local/squid/var/cache swaplog (48
entries)

2006/08/14 02:09:30| Finished rebuilding storage from disk.

2006/08/14 02:09:30| 48 Entries scanned

2006/08/14 02:09:30| 0 Invalid entries.

2006/08/14 02:09:30| 0 With invalid flags.

2006/08/14 02:09:30| 48 Objects loaded.

2006/08/14 02:09:30| 0 Objects expired.

2006/08/14 02:09:30| 0 Objects cancelled.

2006/08/14 02:09:30| 0 Duplicate URLs purged.

2006/08/14 02:09:30| 0 Swapfile clashes avoided.

2006/08/14 02:09:30| Took 0.4 seconds ( 109.8 objects/sec).

2006/08/14 02:09:30| Beginning Validation Procedure

2006/08/14 02:09:30| Completed Validation Procedure

2006/08/14 02:09:30| Validated 48 Entries

2006/08/14 02:09:30| store_swap_size = 344k

2006/08/14 02:09:31| storeLateRelease: released 0 objects

2006/08/14 02:09:27| Successful DNS name lookup tests...

2006/08/14 02:09:27| DNS Socket created at 0.0.0.0, port 32883, FD 4

2006/08/14 02:09:27| Adding domain sadepan from /etc/resolv.conf

2006/08/14 02:09:27| Adding nameserver 192.168.0.2 from /etc/resolv.conf

2006/08/14 02:09:27| Adding nameserver 200.45.191.35 from /etc/resolv.conf

2006/08/14 02:09:27| Adding nameserver 200.45.191.40 from /etc/resolv.conf

2006/08/14 02:09:27| helperOpenServers: Starting 5 'squid_ldap_auth'
processes

2006/08/14 02:09:32| Unlinkd pipe opened on FD 14

2006/08/14 02:09:32| Swap maxSize 102400 KB, estimated 7876 objects

2006/08/14 02:09:32| Target number of buckets: 393

2006/08/14 02:09:32| Using 8192 Store buckets

2006/08/14 02:09:32| Max Mem size: 8192 KB

2006/08/14 02:09:32| Max Swap size: 102400 KB

2006/08/14 02:09:32| Rebuilding storage in /usr/local/squid/var/cache
(DIRTY)

2006/08/14 02:09:32| Using Least Load store dir selection

2006/08/14 02:09:32| Set Current Directory to /usr/local/squid/var/cache

2006/08/14 02:09:32| Loaded Icons.

2006/08/14 02:09:32| commBind: Cannot bind socket FD 16 to *:3128: (98)
Address already in use

2006/08/14 02:09:32| commBind: Cannot bind socket FD 16 to *:8080: (98)
Address already in use

FATAL: Cannot open HTTP Port

Squid Cache (Version 2.6.STABLE2): Terminated abnormally.

CPU Usage: 0.230 seconds = 0.130 user + 0.100 sys

Maximum Resident Size: 0 KB

Page faults with physical i/o: 396

Memory usage for squid via mallinfo():

total space in arena: 2113 KB

Ordinary blocks: 2049 KB 2 blks

Small blocks: 0 KB 1 blks

Holding blocks: 208 KB 1 blks

Free Small blocks: 0 KB

Free Ordinary blocks: 63 KB

Total in use: 2257 KB 107%

Total free: 63 KB 3%

----- Original Message -----
From: "Henrik Nordstrom" <henrik@henriknordstrom.net>
To: "Alejandro Decchi" <adecchi@sadepan.com.ar>
Cc: <squid-users@squid-cache.org>
Sent: Saturday, August 12, 2006 3:47 PM
Subject: Re: [squid-users] Help Error squid !!!
Received on Mon Aug 14 2006 - 13:57:31 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Sep 01 2006 - 12:00:02 MDT