RE: [squid-users] Squid configuration problems from Seb Harrington on 2007-05-13 (squid-users)

From: Seb Harrington <seb@dont-contact.us>
Date: Sun, 13 May 2007 12:40:56 +0100

> So what's your config now?
>
> (I know you posted config details before, but memory is short..)
>
> The error says that you are using never_direct and that there is no
> cache_peer where the request may be forwarded..
>
> Regards
> Henrik

My cache_peers are set up as follows:

cache_peer students.local parent 8080 0 proxy-only no-query
no-netdb-exchange no-digest
cache_peer staff.local parent 8081 0 proxy-only no-query
no-netdb-exchange no-digest
cache_peer special.local parent 8082 0 proxy-only no-query
no-netdb-exchange no-digest

My acls and cache_peer_access directives are as below:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

external_acl_type ntlm_group concurrency=0 children=5 ttl=0 %LOGIN /usr/lib/squid/wbinfo_group.pl

acl special external ntlm_group it
acl staff external ntlm_group Staff
acl students external ntlm_group Students

acl ntlm_users proxy_auth REQUIRED

never_direct allow all

#cache_peer_access students.local allow all

cache_peer_access special.local allow special
cache_peer_access special.local deny all

cache_peer_access students.local allow students
cache_peer_access students.local deny all

cache_peer_access staff.local allow staff
cache_peer_access staff.local deny all

http_access allow ntlm_users

When cache_peer_access students.local allow all uncommented the system works and all requests get passed through the students parent so I guess there is a problem with the ntlm_group external acl.

Cheers,

Seb
Received on Sun May 13 2007 - 05:42:42 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT