> Hi > I have the following squid config (below) that worked for a while then > squid started giving page faults so I removed squid then reinstalled > it now when I try to open a site I get access denied with out even > being prompted for my username and password. I have tested the ldap > auth and that is working from the command line.. What have I missed ? > what caused it to break? > Current version of squid 2.6.STABLE16 > on Fedora 8 > Assuming that your obfuscated parameters are right the rest of the config looks fine. Most likely that the squid_ldap_auth helper fails when run as the squid user but runs as root? Or possibly, that sometime in the last 2 hours you successfully authenticated with different (now wrong) credentials? > > thanks > > auth_param basic children 5 > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 2 hours > auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -b > "OU=Organizational Structure,DC= <snip> > acl ldapauth proxy_auth REQUIRED > http_access allow ldapauth I'd really, really recommend placing this below the Safe_ports and CONNECT safety nets. > > acl all src 0.0.0.0/0.0.0.0 > acl locallan src 10.0.1.0/255.255.255.255 > acl localhost src 127.0.0.1/255.255.255.255 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > visible_hostname greg-test > http_access allow localhost > http_access deny all > http_port 3128 > > hierarchy_stoplist cgi-bin ? > maximum_object_size_in_memory 50 KB > cache_replacement_policy heap LFUDA > maximum_object_size 4096 KB > access_log /var/log/squid/access.log squid > > acl QUERY urlpath_regex cgi-bin \? > cache deny QUERY > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% 4320 > quick_abort_min 0 KB > quick_abort_max 0 KB > quick_abort_pct 95 > acl apache rep_header Server ^Apache > broken_vary_encoding allow apache > half_closed_clients off > dns_nameservers 10.0.1.250 196.33.158.230 66.8.85.139 > memory_pools off > coredump_dir /var/spool/squid > Amos
