Does anybody know if I need to install and configure Kerberos, and if I need to configure LDAP? And does anybody know if I need to configure Kerberos and LDAP to authenticate the users in Active Directory to navigate through the Squid proxy?

Thanks

----- Original Message -----
From: "Alejandro Decchi" <adecchi@xxxxxxxxxxxxxx>
To: "Henrik Nordstrom" <henrik@xxxxxxxxxxxxxxxxxxx>; <squid-users@xxxxxxxxxxxxxxx>
Sent: Monday, August 14, 2006 9:37 AM
Subject: Re: Help Error squid !!!

I installed and configured squid_ldap_auth, but when I try to navigate through Squid, I cannot. I suppose that the problem is in the authentication with Squid and Active Directory. I hope that someone can help me.

Here is my squid.conf:

http_port 3128
http_port 8080
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_dir ufs /usr/local/squid/var/cache 100 16 256
cache_log /usr/local/squid/var/logs/cache.log
auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -P -R -b "dc=sadepan" -D "cn=squid,cn=Users,dc=sadepan" -w zpig#s1 -f "(&(objectClass=user)(cn=%s))" -h 192.168.0.2 -p 3268
auth_param basic children 5
auth_param basic realm Sadepan LatinoAmericana S.A
auth_param basic credentialsttl 5 minutes
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnetwork src "/usr/local/squid/permitidos"
acl ldap-auth proxy_auth REQUIRED
acl password proxy_auth REQUIRED
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow localhost
http_access allow localnetwork password
http_access deny !ldap-auth
http_access deny all
http_reply_access allow all

Here is my access log:

1155101261.248 16 192.168.0.145 TCP_DENIED/407 1717 GET http://www.microsoft.com/spanish/msn - NONE/- text/html
1155101297.337 6 192.168.0.145 TCP_DENIED/407 1717 GET http://www.microsoft.com/spanish/msn - NONE/- text/html
1155104628.563 4 192.168.0.145 TCP_DENIED/407 1717 GET http://www.microsoft.com/spanish/msn - NONE/- text/html
1155104906.827 7 192.168.0.145 TCP_DENIED/407 1717 GET http://www.microsoft.com/spanish/msn - NONE/- text/html
1155104939.595 3 192.168.0.145 TCP_DENIED/407 1717 GET http://www.microsoft.com/spanish/msn - NONE/- text/html
1155105193.137 3 192.168.0.145 TCP_DENIED/407 1717 GET http://www.microsoft.com/spanish/msn - NONE/- text/html
1155105705.485 7 192.168.0.145 TCP_DENIED/407 1717 GET http://www.microsoft.com/spanish/msn - NONE/- text/html
1155359891.071 486 192.168.0.101 TCP_MISS/200 1974 GET http://www.google.com.ar/ - DIRECT/64.233.187.99 text/html
1155359891.667 361 192.168.0.101 TCP_MISS/200 3021 GET http://www.google.com.ar/images/hp2.gif - DIRECT/64.233.187.99 image/gif
1155359891.674 580 192.168.0.101 TCP_MISS/200 4596 GET http://www.google.com.ar/images/hp0.gif - DIRECT/64.233.187.99 image/gif
1155359891.674 365 192.168.0.101 TCP_MISS/200 1729 GET http://www.google.com.ar/images/hp3.gif - DIRECT/64.233.187.104 image/gif
1155359891.774 471 192.168.0.101 TCP_MISS/200 3272 GET http://www.google.com.ar/images/hp1.gif - DIRECT/64.233.187.104 image/gif
1155359909.290 1334 192.168.0.101 TCP_MISS/200 26283 GET http://www.yahoo.com/ - DIRECT/209.73.186.238 text/html
1155359910.699 1407 192.168.0.101 TCP_MISS/200 1678 GET http://us.i1.yimg.com/us.yimg.com/i/ww/thm/1/search_1.1.png - DIRECT/207.40.194.54 image/png
1155359910.707 2 192.168.0.101 TCP_MEM_HIT/200 1677 GET http://us.i1.yimg.com/us.yimg.com/i/ww/thm/1/search_1.1.png - NONE/- image/png

Here is my cache log:

2006/08/12 04:55:13| Starting Squid Cache version 2.6.STABLE2 for i586-pc-linux-gnu...
2006/08/12 04:55:13| Process ID 1808
2006/08/12 04:55:13| With 1024 file descriptors available
2006/08/12 04:55:13| Performing DNS Tests...
2006/08/12 04:55:13| Successful DNS name lookup tests...
2006/08/12 04:55:13| DNS Socket created at 0.0.0.0, port 32782, FD 4
2006/08/12 04:55:13| Adding domain sadepan from /etc/resolv.conf
2006/08/12 04:55:13| Adding nameserver 192.168.0.2 from /etc/resolv.conf
2006/08/12 04:55:13| Adding nameserver 200.45.191.35 from /etc/resolv.conf
2006/08/12 04:55:13| Adding nameserver 200.45.191.40 from /etc/resolv.conf
2006/08/12 04:55:13| helperOpenServers: Starting 5 'squid_ldap_auth' processes
2006/08/12 04:55:18| Unlinkd pipe opened on FD 14
2006/08/12 04:55:18| Swap maxSize 102400 KB, estimated 7876 objects
2006/08/12 04:55:18| Target number of buckets: 393
2006/08/12 04:55:18| Using 8192 Store buckets
2006/08/12 04:55:18| Max Mem size: 8192 KB
2006/08/12 04:55:18| Max Swap size: 102400 KB
2006/08/12 04:55:18| Rebuilding storage in /usr/local/squid/var/cache (DIRTY)
2006/08/12 04:55:18| Using Least Load store dir selection
2006/08/12 04:55:18| Set Current Directory to /usr/local/squid/var/cache
2006/08/12 04:55:18| Loaded Icons.
2006/08/12 04:55:18| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 16.
2006/08/12 04:55:18| Accepting proxy HTTP connections at 0.0.0.0, port 8080, FD 17.
2006/08/12 04:55:18| Accepting ICP messages at 0.0.0.0, port 3130, FD 18.
2006/08/12 04:55:18| WCCP Disabled.
2006/08/12 04:55:18| Ready to serve requests.
2006/08/12 04:55:19| Done reading /usr/local/squid/var/cache swaplog (48 entries)
2006/08/12 04:55:19| Finished rebuilding storage from disk.
2006/08/12 04:55:19| 48 Entries scanned
2006/08/12 04:55:19| 0 Invalid entries.
2006/08/12 04:55:19| 0 With invalid flags.
2006/08/12 04:55:19| 48 Objects loaded.
2006/08/12 04:55:19| 0 Objects expired.
2006/08/12 04:55:19| 0 Objects cancelled.
2006/08/12 04:55:19| 0 Duplicate URLs purged.
2006/08/12 04:55:19| 0 Swapfile clashes avoided.
2006/08/12 04:55:19| Took 0.8 seconds ( 57.1 objects/sec).
2006/08/12 04:55:19| Beginning Validation Procedure
2006/08/12 04:55:19| Completed Validation Procedure
2006/08/12 04:55:19| Validated 48 Entries
2006/08/12 04:55:19| store_swap_size = 344k
2006/08/12 04:55:19| storeLateRelease: released 0 objects
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
2006/08/14 02:08:52| Reconfiguring Squid Cache (version 2.6.STABLE2)...
2006/08/14 02:08:52| FD 16 Closing HTTP connection
2006/08/14 02:08:52| FD 17 Closing HTTP connection
2006/08/14 02:08:52| FD 18 Closing ICP connection
2006/08/14 02:08:52| Cache dir '/usr/local/squid/var/cache' size remains unchanged at 102400 KB
2006/08/14 02:08:52| DNS Socket created at 0.0.0.0, port 32880, FD 6
2006/08/14 02:08:52| Adding domain sadepan from /etc/resolv.conf
2006/08/14 02:08:52| Adding nameserver 192.168.0.2 from /etc/resolv.conf
2006/08/14 02:08:52| Adding nameserver 200.45.191.35 from /etc/resolv.conf
2006/08/14 02:08:52| Adding nameserver 200.45.191.40 from /etc/resolv.conf
2006/08/14 02:08:52| helperOpenServers: Starting 5 'squid_ldap_auth' processes
2006/08/14 02:08:53| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 13.
2006/08/14 02:08:53| Accepting proxy HTTP connections at 0.0.0.0, port 8080, FD 15.
2006/08/14 02:08:53| Accepting ICP messages at 0.0.0.0, port 3130, FD 16.
2006/08/14 02:08:53| WCCP Disabled.
2006/08/14 02:08:53| Loaded Icons.
2006/08/14 02:08:53| Ready to serve requests.
2006/08/14 02:09:24| Starting Squid Cache version 2.6.STABLE2 for i586-pc-linux-gnu...
2006/08/14 02:09:24| Process ID 2552
2006/08/14 02:09:24| With 1024 file descriptors available
2006/08/14 02:09:24| Performing DNS Tests...
2006/08/14 02:09:27| Starting Squid Cache version 2.6.STABLE2 for i586-pc-linux-gnu...
2006/08/14 02:09:27| Process ID 2556
2006/08/14 02:09:27| With 1024 file descriptors available
2006/08/14 02:09:27| Performing DNS Tests...
2006/08/14 02:09:24| Successful DNS name lookup tests...
2006/08/14 02:09:24| DNS Socket created at 0.0.0.0, port 32882, FD 4
2006/08/14 02:09:24| Adding domain sadepan from /etc/resolv.conf
2006/08/14 02:09:24| Adding nameserver 192.168.0.2 from /etc/resolv.conf
2006/08/14 02:09:24| Adding nameserver 200.45.191.35 from /etc/resolv.conf
2006/08/14 02:09:24| Adding nameserver 200.45.191.40 from /etc/resolv.conf
2006/08/14 02:09:24| helperOpenServers: Starting 5 'squid_ldap_auth' processes
2006/08/14 02:09:29| Unlinkd pipe opened on FD 14
2006/08/14 02:09:29| Swap maxSize 102400 KB, estimated 7876 objects
2006/08/14 02:09:29| Target number of buckets: 393
2006/08/14 02:09:29| Using 8192 Store buckets
2006/08/14 02:09:29| Max Mem size: 8192 KB
2006/08/14 02:09:29| Max Swap size: 102400 KB
2006/08/14 02:09:29| Rebuilding storage in /usr/local/squid/var/cache (DIRTY)
2006/08/14 02:09:29| Using Least Load store dir selection
2006/08/14 02:09:29| Set Current Directory to /usr/local/squid/var/cache
2006/08/14 02:09:29| Loaded Icons.
2006/08/14 02:09:29| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 16.
2006/08/14 02:09:29| Accepting proxy HTTP connections at 0.0.0.0, port 8080, FD 17.
2006/08/14 02:09:29| Accepting ICP messages at 0.0.0.0, port 3130, FD 18.
2006/08/14 02:09:29| WCCP Disabled.
2006/08/14 02:09:29| Ready to serve requests.
2006/08/14 02:09:30| Done reading /usr/local/squid/var/cache swaplog (48 entries)
2006/08/14 02:09:30| Finished rebuilding storage from disk.
2006/08/14 02:09:30| 48 Entries scanned
2006/08/14 02:09:30| 0 Invalid entries.
2006/08/14 02:09:30| 0 With invalid flags.
2006/08/14 02:09:30| 48 Objects loaded.
2006/08/14 02:09:30| 0 Objects expired.
2006/08/14 02:09:30| 0 Objects cancelled.
2006/08/14 02:09:30| 0 Duplicate URLs purged.
2006/08/14 02:09:30| 0 Swapfile clashes avoided.
2006/08/14 02:09:30| Took 0.4 seconds ( 109.8 objects/sec).
2006/08/14 02:09:30| Beginning Validation Procedure
2006/08/14 02:09:30| Completed Validation Procedure
2006/08/14 02:09:30| Validated 48 Entries
2006/08/14 02:09:30| store_swap_size = 344k
2006/08/14 02:09:31| storeLateRelease: released 0 objects
2006/08/14 02:09:27| Successful DNS name lookup tests...
2006/08/14 02:09:27| DNS Socket created at 0.0.0.0, port 32883, FD 4
2006/08/14 02:09:27| Adding domain sadepan from /etc/resolv.conf
2006/08/14 02:09:27| Adding nameserver 192.168.0.2 from /etc/resolv.conf
2006/08/14 02:09:27| Adding nameserver 200.45.191.35 from /etc/resolv.conf
2006/08/14 02:09:27| Adding nameserver 200.45.191.40 from /etc/resolv.conf
2006/08/14 02:09:27| helperOpenServers: Starting 5 'squid_ldap_auth' processes
2006/08/14 02:09:32| Unlinkd pipe opened on FD 14
2006/08/14 02:09:32| Swap maxSize 102400 KB, estimated 7876 objects
2006/08/14 02:09:32| Target number of buckets: 393
2006/08/14 02:09:32| Using 8192 Store buckets
2006/08/14 02:09:32| Max Mem size: 8192 KB
2006/08/14 02:09:32| Max Swap size: 102400 KB
2006/08/14 02:09:32| Rebuilding storage in /usr/local/squid/var/cache (DIRTY)
2006/08/14 02:09:32| Using Least Load store dir selection
2006/08/14 02:09:32| Set Current Directory to /usr/local/squid/var/cache
2006/08/14 02:09:32| Loaded Icons.
2006/08/14 02:09:32| commBind: Cannot bind socket FD 16 to *:3128: (98) Address already in use
2006/08/14 02:09:32| commBind: Cannot bind socket FD 16 to *:8080: (98) Address already in use
FATAL: Cannot open HTTP Port
Squid Cache (Version 2.6.STABLE2): Terminated abnormally.
CPU Usage: 0.230 seconds = 0.130 user + 0.100 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 396
Memory usage for squid via mallinfo():
    total space in arena: 2113 KB
    Ordinary blocks: 2049 KB 2 blks
    Small blocks: 0 KB 1 blks
    Holding blocks: 208 KB 1 blks
    Free Small blocks: 0 KB
    Free Ordinary blocks: 63 KB
    Total in use: 2257 KB 107%
    Total free: 63 KB 3%

----- Original Message -----
From: "Henrik Nordstrom" <henrik@xxxxxxxxxxxxxxxxxxx>
To: "Alejandro Decchi" <adecchi@xxxxxxxxxxxxxx>
Cc: <squid-users@xxxxxxxxxxxxxxx>
Sent: Saturday, August 12, 2006 3:47 PM
Subject: Re: Help Error squid !!!
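
Added example, not part of the original message or of Squid: a small Python triage of the two logs quoted above. It separates the helper's own rejected bind as the `-D` account from the port conflict that appears when a second Squid instance is started, and counts 407 denials per client. The sample lines are constructed from entries in the post, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, modelled on the cache.log and access.log lines in the post.
CACHE_LOG = """\
2006/08/14 02:09:27| helperOpenServers: Starting 5 'squid_ldap_auth' processes
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials'
2006/08/14 02:09:32| commBind: Cannot bind socket FD 16 to *:3128: (98) Address already in use
FATAL: Cannot open HTTP Port
"""
ACCESS_LOG = """\
1155101261.248 16 192.168.0.145 TCP_DENIED/407 1717 GET http://www.microsoft.com/spanish/msn - NONE/- text/html
1155101297.337 6 192.168.0.145 TCP_DENIED/407 1717 GET http://www.microsoft.com/spanish/msn - NONE/- text/html
1155359891.071 486 192.168.0.101 TCP_MISS/200 1974 GET http://www.google.com.ar/ - DIRECT/64.233.187.99 text/html
"""

BIND_FAIL = re.compile(r"^(\S+): WARNING, could not bind to binddn '([^']*)'")
PORT_BUSY = re.compile(r"commBind: Cannot bind socket FD \d+ to (\S+): \(98\)")

def triage_cache_log(text):
    """Count helper bind failures by (helper, reason) and list ports already in use."""
    bind_failures, busy_ports = Counter(), []
    for line in text.splitlines():
        if (m := BIND_FAIL.match(line)):
            bind_failures[(m.group(1), m.group(2))] += 1
        elif (m := PORT_BUSY.search(line)):
            busy_ports.append(m.group(1))
    return bind_failures, busy_ports

def denied_407_by_client(text):
    """Count TCP_DENIED/407 responses per client IP in a native-format access.log."""
    counts = Counter()
    for line in text.splitlines():
        fields = line.split()
        # native format: time elapsed client code/status bytes method URL user peer type
        if len(fields) >= 10 and fields[3] == "TCP_DENIED/407":
            counts[fields[2]] += 1
    return counts

if __name__ == "__main__":
    failures, ports = triage_cache_log(CACHE_LOG)
    for (helper, reason), n in failures.items():
        print(f"{helper}: {n} failed binds as the configured bind DN ({reason})")
    for port in ports:
        print(f"listening address {port} already in use (another instance running?)")
    for client, n in denied_407_by_client(ACCESS_LOG).items():
        print(f"{client}: {n} requests answered with 407")
```
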