I have SquidNT (squid/2.5.STABLE3-NT-CVS) installed on a Windows 2003 server. It works fine with no authentication. I want to use the ncsa_auth.exe authentication helper that came with squid, but have not been successful. I can see in the cache.log that squid starts the ncsa_auth helper, I'm not sure if I am writing the password file correctly. Cache.log 2005/06/13 08:40:03| Squid Cache (Version 2.5.STABLE3-NT-CVS): Exiting normally. 2005/06/13 08:40:12| Starting Squid Cache version 2.5.STABLE3-NT-CVS for i686-pc-winnt... 2005/06/13 08:40:12| Running as Squid_Proxy Windows System Service on Windows Server 2003 2005/06/13 08:40:12| Service command line is: 2005/06/13 08:40:12| Process ID 860 2005/06/13 08:40:12| With 2048 file descriptors available 2005/06/13 08:40:12| With 2048 CRT stdio descriptors available 2005/06/13 08:40:12| Windows sockets initialized 2005/06/13 08:40:12| Performing DNS Tests... 2005/06/13 08:40:12| Successful DNS name lookup tests... 2005/06/13 08:40:12| DNS Socket created at 0.0.0.0, port 1821, FD 4 2005/06/13 08:40:12| Adding nameserver 204.65.1.194 from Registry 2005/06/13 08:40:12| Adding nameserver 67.67.199.122 from Registry 2005/06/13 08:40:12| Adding nameserver 204.65.1.194 from Registry 2005/06/13 08:40:12| Adding nameserver 67.67.199.122 from Registry 2005/06/13 08:40:12| helperOpenServers: Starting 10 'ncsa_auth.exe' processes 2005/06/13 08:40:12| User-Agent logging is disabled. 2005/06/13 08:40:12| Referer logging is disabled. 2005/06/13 08:40:12| pinger: ICMP socket opened 2005/06/13 08:40:13| pinger: Squid socket opened 2005/06/13 08:40:12| Pinger socket opened on FD 47 2005/06/13 08:40:12| Unlinkd pipe opened on FD 50 2005/06/13 08:40:12| Swap maxSize 102400 KB, estimated 7876 objects 2005/06/13 08:40:12| Target number of buckets: 393 2005/06/13 08:40:12| Using 8192 Store buckets 2005/06/13 08:40:12| Max Mem size: 8192 KB 2005/06/13 08:40:12| Max Swap size: 102400 KB 2005/06/13 08:40:12| Rebuilding storage in D:\Squid/cache (CLEAN) 2005/06/13 08:40:12| Using Least Load store dir selection 2005/06/13 08:40:12| Set Current Directory to D:\Squid/cache 2005/06/13 08:40:12| Loaded Icons. 2005/06/13 08:40:12| Accepting HTTP connections at 0.0.0.0, port 80, FD 59. 2005/06/13 08:40:12| Accepting ICP messages at 0.0.0.0, port 3130, FD 60. 2005/06/13 08:40:12| Accepting HTCP messages on port 4827, FD 61. 2005/06/13 08:40:12| Accepting SNMP messages on port 3401, FD 62. 2005/06/13 08:40:13| NETDB state reloaded; 166 entries, 94 msec 2005/06/13 08:40:13| Ready to serve requests. 2005/06/13 08:40:13| Configuring Parent icupub.twc.state.tx.us/80/0 2005/06/13 08:40:13| Store rebuilding is 97.2% complete 2005/06/13 08:40:13| Done reading D:\Squid/cache swaplog (4212 entries) 2005/06/13 08:40:13| Finished rebuilding storage from disk. 2005/06/13 08:40:13| 4212 Entries scanned 2005/06/13 08:40:13| 0 Invalid entries. 2005/06/13 08:40:13| 0 With invalid flags. 2005/06/13 08:40:13| 4212 Objects loaded. 2005/06/13 08:40:13| 0 Objects expired. 2005/06/13 08:40:13| 0 Objects cancelled. 2005/06/13 08:40:13| 0 Duplicate URLs purged. 2005/06/13 08:40:13| 0 Swapfile clashes avoided. 2005/06/13 08:40:13| Took 0.1 seconds (29872.3 objects/sec). 2005/06/13 08:40:13| Beginning Validation Procedure 2005/06/13 08:40:13| Completed Validation Procedure 2005/06/13 08:40:13| Validated 4212 Entries 2005/06/13 08:40:13| store_swap_size = 37236k 2005/06/13 08:40:13| storeLateRelease: released 0 objects For the password file, I have a file called password.txt, and I have a username and a password separated by a colon: username:password. Is this correct? test:test shortma1:5t43tv Conf.cmd echo auth_param basic program D:/Squid/libexec/ncsa_auth.exe D:/Squid/pwd/password.txt >> %CONFFILE% echo auth_param basic children 10 >> %CONFFILE% echo auth_param basic realm SquidNT >> %CONFFILE% echo auth_param basic credentialsttl 30 minutes >> %CONFFILE% echo acl all src 0.0.0.0/0.0.0.0 >> %CONFFILE% echo acl manager proto cache_object >> %CONFFILE% echo acl localhost src 127.0.0.1/255.255.255.255 >> %CONFFILE% echo acl to_localhost dst 127.0.0.0/8 >> %CONFFILE% echo acl SSL_ports port 443 563 >> %CONFFILE% echo acl Safe_ports port 80 # http >> %CONFFILE% echo acl Safe_ports port 21 # ftp >> %CONFFILE% echo acl Safe_ports port 443 563 # https, snews >> %CONFFILE% echo acl Safe_ports port 70 # gopher >> %CONFFILE% echo acl Safe_ports port 210 # wais >> %CONFFILE% echo acl Safe_ports port 1025-65535 # unregistered ports >> %CONFFILE% echo acl Safe_ports port 280 # http-mgmt >> %CONFFILE% echo acl Safe_ports port 488 # gss-http >> %CONFFILE% echo acl Safe_ports port 591 # filemaker >> %CONFFILE% echo acl Safe_ports port 777 # multiling http >> %CONFFILE% echo acl CONNECT method CONNECT >> %CONFFILE% echo acl MYLAN src %IP1%-%IP2%/%NETMASK% >> %CONFFILE% echo acl TWC url_regex -i ^.twc.state.tx.us >> %CONFFILE% echo acl TWC2 url_regex -i .twc.state.tx.us$ >> %CONFFILE% echo acl users proxy_auth REQUIRED >> %CONFFILE% echo # acl BadSites url_regex -i "D:/blacklists/warez/badsites.txt" >> %CONFFILE% echo acl PornSites url_regex -i "D:/blacklists/porn/domain.txt" >> %CONFFILE% echo acl Porn_Urls url_regex -i "D:/blacklists/porn/Porn_Urls.txt" >> %CONFFILE% echo # acl warez url_regex -i "D:/blacklists/warez/domains.txt" >> %CONFFILE% echo # TAG: http_access >> %CONFFILE% echo # Allowing or Denying access based on defined access lists >> %CONFFILE% echo # >> %CONFFILE% echo # Access to the HTTP port: >> %CONFFILE% echo # http_access allow//deny [!]aclname ... >> %CONFFILE% echo # >> %CONFFILE% echo # NOTE on default values: >> %CONFFILE% echo # >> %CONFFILE% echo # If there are no "access" lines present, the default is to deny >> %CONFFILE% echo # the request. >> %CONFFILE% echo # >> %CONFFILE% echo # If none of the "access" lines cause a match, the default is the >> %CONFFILE% echo # opposite of the last line in the list. If the last line was >> %CONFFILE% echo # deny, then the default is allow. Conversely, if the last line >> %CONFFILE% echo # is allow, the default will be deny. For these reasons, it is a >> %CONFFILE% echo # good idea to have an "deny all" or "allow all" entry at the end >> %CONFFILE% echo # of your access lists to avoid potential confusion. >> %CONFFILE% echo # >> %CONFFILE% echo # Default: >> %CONFFILE% echo # http_access allow all >> %CONFFILE% echo # >> %CONFFILE% echo # Recommended minimum configuration: >> %CONFFILE% echo # >> %CONFFILE% echo # Only allow cachemgr access from localhost >> %CONFFILE% echo http_access allow manager localhost >> %CONFFILE% echo #http_access deny manager >> %CONFFILE% echo http_access allow users >> %CONFFILE% echo http_access deny !users >> %CONFFILE% echo # Deny requests to unknown ports >> %CONFFILE% echo http_access deny !Safe_ports >> %CONFFILE% echo # Deny CONNECT to other than SSL ports >> %CONFFILE% echo http_access deny CONNECT !SSL_ports >> %CONFFILE% echo # >> %CONFFILE% echo # We strongly recommend to uncomment the following to protect innocent >> %CONFFILE% echo # web applications running on the proxy server who think that the only >> %CONFFILE% echo # one who can access services on "localhost" is a local user >> %CONFFILE% echo # http_access deny to_localhost >> %CONFFILE% echo # >> %CONFFILE% echo # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS >> %CONFFILE% echo # Exampe rule allowing access from your local networks. Adapt >> %CONFFILE% echo # to list your (internal) IP networks from where browsing should >> %CONFFILE% echo # be allowed >> %CONFFILE% echo # acl our_networks src 192.168.1.0/24 192.168.2.0/24 >> %CONFFILE% echo # http_access allow our_networks >> %CONFFILE% echo # And finally deny all other access to this proxy >> %CONFFILE% echo http_access allow TWC >> %CONFFILE% echo http_access allow TWC2 >> %CONFFILE% echo # http_access deny BadSites >> %CONFFILE% echo http_access deny PornSites >> %CONFFILE% echo http_access deny Porn_Urls >> %CONFFILE% echo # http_access deny warez >> %CONFFILE% echo http_access allow MYLAN >> %CONFFILE% echo http_access deny all >> %CONFFILE% The web browser comes up and prompts for a username and password but will not let me get to the internet. I just get the prompt again. Acess.log 1118669439.698 0 10.7.6.30 TCP_DENIED/407 1867 GET http://toolbar.netcraft.com/updates/localblock.dat - NONE/- text/html 1118669440.291 0 10.7.6.30 TCP_DENIED/407 1885 GET http://toolbar.netcraft.com/check_url/http://www.msn.com - NONE/- text/html 1118669440.291 0 10.7.6.30 TCP_DENIED/407 1885 GET http://toolbar.netcraft.com/check_url/http://www.msn.com - NONE/- text/html 1118669440.526 0 10.7.6.30 TCP_DENIED/407 1774 GET http://www.msn.com/ - NONE/- text/html 1118669440.526 0 10.7.6.30 TCP_DENIED/407 1774 GET http://www.msn.com/ - NONE/- text/html 1118669663.088 31 10.7.6.30 TCP_DENIED/407 1774 GET http://www.msn.com/ - NONE/- text/html 1118669663.698 0 10.7.6.30 TCP_DENIED/407 1774 GET http://www.msn.com/ test NONE/- text/html 1118669669.119 31 10.7.6.30 TCP_DENIED/407 1774 GET http://www.msn.com/ - NONE/- text/html 1118669669.307 31 10.7.6.30 TCP_DENIED/407 1832 GET http://toolbarqueries.google.com/search? - NONE/- text/html 1118669669.338 31 10.7.6.30 TCP_DENIED/407 1832 GET http://toolbarqueries.google.com/search? - NONE/- text/html 1118669922.526 32 10.7.6.30 TCP_DENIED/407 1885 GET http://toolbar.netcraft.com/check_url/http://www.msn.com - NONE/- text/html 1118669922.557 31 10.7.6.30 TCP_DENIED/407 1885 GET http://toolbar.netcraft.com/check_url/http://www.msn.com - NONE/- text/html 1118669926.635 31 10.7.6.30 TCP_DENIED/407 1885 GET http://toolbar.netcraft.com/check_url/http://www.msn.com - NONE/- text/html 1118669932.057 31 10.7.6.30 TCP_DENIED/407 1885 GET http://toolbar.netcraft.com/check_url/http://www.msn.com - NONE/- text/html 1118669933.682 0 10.7.6.30 TCP_DENIED/407 1885 GET http://toolbar.netcraft.com/check_url/http://www.msn.com shortma1 NONE/- text/html 1118669934.463 0 10.7.6.30 TCP_DENIED/407 1774 GET http://www.msn.com/ shortma1 NONE/- text/html 1118669934.463 0 10.7.6.30 TCP_DENIED/407 1774 GET http://www.msn.com/ shortma1 NONE/- text/html 1118669935.869 0 10.7.6.30 TCP_DENIED/407 1832 GET http://toolbarqueries.google.com/search? shortma1 NONE/- text/html 1118669935.869 0 10.7.6.30 TCP_DENIED/407 1832 GET http://toolbarqueries.google.com/search? shortma1 NONE/- text/html Any help or suggestions are very much appreciated. ==================================== Mark Shortridge i-Net+, Network+ Computer Support Specialist North East Texas Workforce Development Board 903-794-9490 ext. 106 903-794-4884 fax ==================================== "This e-mail and any files transmitted with it are the property of the North East Texas Workforce Development Board and/or its affiliates, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason or believe that you have received this message in error, please notify the Board at 903-794-9490 ext 106 and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing or copying of this email is strictly prohibited".
