David PAZOS wrote:
Hello,
I've configured squid and it seems to be working as it logs which ip
goes to which website but... I can't see the AD users. I've tested
./ntlm_auth with several usernames and it worked...
If you have any idea of what the problem could be, it will be really
appreciated! ;)
I'm running Squid 3.0 RC1 on Gentoo 2007.0
with samba 3.0.26a
and krb5-1.5.3-r1
Here is my squid.conf file :
###########################
http_port 8080
cache_mgr some@xxxxxxxxx
cache_effective_user squid
cache_effective_group squid
ftp_user anonymous@xxxxxxxxxxxxxx
visible_hostname myservername.mydomain.local
logfile_rotate 1
cache_mem 256 MB
cache_access_log /var/log/squid/access.log
cache_dir ufs /var/cache/squid/ncache 1024 16 256
log_ip_on_direct off
debug_options ALL,1
hosts_file /etc/hosts
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl all src 0.0.0.0/0.0.0.0
acl local_network src 192.168.1.0/24 127.0.0.1/32
http_access allow local_network

Anyone surfing from 192.168.1.0/24 is allowed at this point. No authentication requested or required.

acl SSL_ports port 443 563
acl Safe_ports port 21 70 80 210 280 443 488 563 591 777 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl AuthorizedUsers proxy_auth REQUIRED
http_access deny !AuthorizedUsers
http_access allow all
Here is a view of the access.log file of squid
###############################
1195130391.112 104 192.168.1.34 TCP_MISS/200 512 GET http://www.google-analy$

Yup. That IP matches. :o)

1195130392.236 1303 192.168.1.34 TCP_MISS/200 20433 GET http://media.ldlc.com$
1195130392.280 35 192.168.1.34 TCP_MISS/200 717 GET http://www.hardware.fr/$
1195130416.467 317 192.168.1.34 TCP_MISS/200 2736 GET http://www.danstapomme$
1195130416.613 109 192.168.1.34 TCP_MISS/200 503 GET http://www.danstapomme.$
1195130416.617 112 192.168.1.34 TCP_MISS/200 1394 GET http://www.danstapomme$
1195130416.849 347 192.168.1.34 TCP_MISS/200 24973 GET http://www.danstapomm$
1195130416.915 31 192.168.1.34 TCP_MISS/404 571 GET http://www.danstapomme.$
Here is a view of cache.log of squid
###############################
007/11/15 13:37:13| Starting Squid Cache version 3.0.RC1 for i686-pc-linux-gnu$
2007/11/15 13:37:13| Process ID 8219
2007/11/15 13:37:13| With 1024 file descriptors available
2007/11/15 13:37:13| DNS Socket created at 0.0.0.0, port 40818, FD 7
2007/11/15 13:37:13| Adding nameserver 192.168.1.251 from /etc/resolv.conf
2007/11/15 13:37:13| helperStatefulOpenServers: Starting 30 'ntlm_auth' process$
2007/11/15 13:37:14| helperOpenServers: Starting 5 'ntlm_auth' processes
2007/11/15 13:37:14| User-Agent logging is disabled.
2007/11/15 13:37:14| Referer logging is disabled.
2007/11/15 13:37:14| Unlinkd pipe opened on FD 47
2007/11/15 13:37:14| Local cache digest enabled; rebuild/rewrite every 3600/360$
2007/11/15 13:37:14| Swap maxSize 1048576 KB, estimated 80659 objects
2007/11/15 13:37:14| Target number of buckets: 4032
2007/11/15 13:37:14| Using 8192 Store buckets
2007/11/15 13:37:14| Max Mem size: 262144 KB
2007/11/15 13:37:14| Max Swap size: 1048576 KB
2007/11/15 13:37:14| Version 1 of swap file with LFS support detected...
2007/11/15 13:37:14| Rebuilding storage in /var/cache/squid/ncache (CLEAN)
2007/11/15 13:37:14| Using Least Load store dir selection
2007/11/15 13:37:14| Current Directory is /root
2007/11/15 13:37:14| Loaded Icons.
2007/11/15 13:37:14| Accepting HTTP connections at 0.0.0.0, port 8080, FD 49.
2007/11/15 13:37:14| HTCP Disabled.
2007/11/15 13:37:14| Ready to serve requests.
2007/11/15 13:37:14| Done reading /var/cache/squid/ncache swaplog (267 entries)
2007/11/15 13:37:14| Finished rebuilding storage from disk.
2007/11/15 13:37:14| 267 Entries scanned
2007/11/15 13:37:14| 0 Invalid entries.
2007/11/15 13:37:14| 0 With invalid flags.
2007/11/15 13:37:14| 267 Objects loaded.
2007/11/15 13:37:14| 0 Objects expired.
2007/11/15 13:37:14| 0 Objects cancelled.
2007/11/15 13:37:14| 0 Duplicate URLs purged.
2007/11/15 13:37:14| 0 Swapfile clashes avoided.
2007/11/15 13:37:14| Took 0.075 seconds (3.6e+03 objects/sec).
2007/11/15 13:37:14| Beginning Validation Procedure
2007/11/15 13:37:14| Completed Validation Procedure
2007/11/15 13:37:14| Validated 559 Entries
2007/11/15 13:37:14| store_swap_size = 2784
2007/11/15 13:37:15| storeLateRelease: released 0 objects
Hope you will find something weird in my config because I've redone it
twice and I don't know what I've missed...

You might want to peruse the FAQ section on ACLs.
http://wiki.squid-cache.org/SquidFaq/SquidAcl

Many Thanks.
Kindly Regards.
David
Chris
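
Added example, not part of the original thread and not Squid's own code: a simplified Python model of first-match http_access evaluation, run over the rules as posted, showing that a client in 192.168.1.0/24 is allowed before the proxy_auth ACL is ever checked. The REORDERED list and the request dictionary format are constructed for illustration.

```python
import ipaddress

# ACLs copied from the posted squid.conf; simplified model of http_access evaluation.
ACLS = {
    "all": ("src", "0.0.0.0/0"),
    "local_network": ("src", "192.168.1.0/24 127.0.0.1/32"),
    "SSL_ports": ("port", "443 563"),
    "Safe_ports": ("port", "21 70 80 210 280 443 488 563 591 777 1025-65535"),
    "CONNECT": ("method", "CONNECT"),
    "AuthorizedUsers": ("proxy_auth", "REQUIRED"),
}
POSTED = ["allow local_network", "deny !Safe_ports", "deny CONNECT !SSL_ports",
          "deny !AuthorizedUsers", "allow all"]
# Constructed alternative: the proxy_auth rule is reached before any allow rule.
REORDERED = ["deny !Safe_ports", "deny CONNECT !SSL_ports",
             "deny !AuthorizedUsers", "allow local_network", "deny all"]
class AuthChallenge(Exception): pass  # proxy_auth checked without credentials (407)

def acl_match(name, req):
    kind, arg = ACLS[name]
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(net) for net in arg.split())
    if kind == "port":
        ranges = (p.partition("-") for p in arg.split())
        return any(int(lo) <= req["port"] <= int(hi or lo) for lo, _, hi in ranges)
    if kind == "method":
        return req["method"] == arg
    if req.get("user") is None:              # kind == "proxy_auth"
        raise AuthChallenge(name)
    return True

def evaluate(rules, req):
    """Return (verdict, deciding rule, username available for access.log)."""
    user = None
    for rule in rules:
        action, *terms = rule.split()
        try:
            for term in terms:               # ACLs on one line are ANDed, left to right
                name = term.lstrip("!")
                hit = acl_match(name, req)
                if ACLS[name][0] == "proxy_auth":
                    user = req["user"]       # only now is the user identity known
                if hit == term.startswith("!"):
                    break                    # this term failed, try the next rule
            else:
                return (action, rule, user)  # first fully matching rule decides
        except AuthChallenge:
            return ("407", rule, None)
    return ("deny", "(no rule matched)", user)  # not reached: both lists end on "all"
```

Calling `evaluate(POSTED, {"src": "192.168.1.34", "port": 80, "method": "GET", "user": None})` stops at the first rule with no user recorded, while the same request against `REORDERED` yields a 407 challenge.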