Hello all, I have Squid running on my firewall, and would like to get a few features running - adzap, delay pools, and username/password authentication. So far I've had success with adzap and delay pools, but the authentication part isn't working. I'm running version 2.5.STABLE11 configure options: --enable-storeio=diskd,ufs --enable-linux-netfilter --enable-removal-policies=heap,lru --enable-delay-pools --enable-auth=ntlm,basic Unfortunately, when I add the auth bits to the config file, instead of prompting clients for a username and password, it just spits out ==== ERROR: The requested URL could not be retrieved You are not currently allowed to request http://yahoo.com/ from this cache due to Access control configuration. ==== Squid appears to be starting correctly: # restartsquid 2005/10/12 09:59:46| Creating Swap Directories # I've tested my auth program and password file; it works fine: # /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/squid_passwd blah blah ERR testuser2 test OK # I'm sure my problem is due to some trivial error in my config, but I've spent a couple days banging away at it without success. I'd appreciate any advice. Here's my squid.conf, which is mostly the default provided by my Linux firewall distribution (SmoothWall): ============================== # defaults were 8 MB and 32 KB, respectively cache_mem 32 MB maximum_object_size_in_memory 128 KB # changed from GDSF to LFUDA - this means the squid proxy will # keep the most popular files in the cache regardless of size cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF half_closed_clients off cache_swap_high 100% cache_swap_low 80% shutdown_lifetime 3 seconds icp_port 0 acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_effective_user squid cache_effective_group squid pid_filename /var/run/squid.pid cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log none error_directory /usr/local/squid/etc/smootherrors emulate_httpd_log on log_mime_hdrs off forwarded_for off auth_param basic program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/squid_passwd auth_param basic children 5 auth_param basic realm Firewall auth_param basic credentialsttl 2 hours acl users1 src 192.168.36.3-192.168.36.250/32 acl users2 proxy_auth REQUIRED acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 445 443 441 563 acl Safe_ports port 80 # http acl Safe_ports port 81 # smoothwall http acl Safe_ports port 21 # ftp acl Safe_ports port 445 443 441 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow localhost http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow users1 users2 #http_access allow localnet http_access deny all ################################################################################ # delay_pools config ################################################################################ # define one class 2 pool delay_pools 1 delay_class 1 2 # users1 follows the rules of pool 1 delay_access 1 allow users1 delay_access 1 deny all # Everyone in users1 has access to the full bandwidth until # his 2 megabyte bucket is empty, then it refills at 4 kbyte/sec # 1 kbyte = 1024, 1 mb = 1048576 #delay_parameters 1 -1/-1 8192/4194304 delay_parameters 1 -1/-1 4096/2097152 # everyone's bucket starts out full delay_initial_bucket_level 100 refresh_pattern -i \.jpg$ 9000000 100% 9000009 override-expire refresh_pattern -i \.gif$ 9000000 100% 9000009 override-expire refresh_pattern -i \.png$ 9000000 100% 9000009 override-expire refresh_pattern -i \.exe$ 9000000 100% 9000009 override-expire redirect_program /usr/local/adzap/scripts/wrapzap
