One more thing is that, if use ntlm_auth as the basic program, squid
doesn't let any connections.
If i use ncsa_auth, the same thing happens.
If i use smb_auth, squid lets users to access the internet irrelevant
of the time mentioned.
Avinash
On Fri, Oct 17, 2008 at 1:56 PM, Avinash Rao <avinash.aol@xxxxxxxxx> wrote:
> The path is /usr/lib/squid and i am able to use the below options in
> squid.conf. In the sense that, squid starts without any errors!!
>
> #auth_param basic program /usr/lib/squid/smb_auth /usr/local/squid/etc/passwd
> #acl sambaUsers proxy_auth REQUIRED
> #acl deadHours time 18:00-20:00
> #http_access deny !deadHours sambaUsers
>
> 1) I didnt find the passwd file under /usr/local/squid/etc/ so i have
> copied /etc/passwd file to this location just to check if it works.
> 2) After enabling these options, squid is not letting any connections
> irrelevant of the time mentioned in the ACL. I am wondering what i am
> missing.
> 3) the wbinfo is still not working, the error, is no logon servers available.
>
> I have reached somewhere... :)
>
>
>
>
>
> On Tue, Oct 14, 2008 at 5:45 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>>
>> Avinash Rao wrote:
>>>
>>> Dear Amos,
>>>
>>> I have managed to recompile squid with the basic auth helpers and
>>> proxy_auth without any errors.
>>>
>>> root@Studio-Server:~# /etc/init.d/squid reload
>>> * Reloading Squid configuration files
>>> FATAL: auth_param basic program /usr/local/squid/bin/proxy_auth: (2)
>>> No such file or directory
>>> Squid Cache (Version 2.6.STABLE18): Terminated abnormally.
>>> CPU Usage: 0.039 seconds = 0.028 user + 0.011 sys
>>> Maximum Resident Size: 0 KB
>>> Page faults with physical i/o: 0
>>> Aborted
>>>
>>>
>>> Here's what is happening. According to the wiki documentation, i have
>>> to add the auth_param basic program /usr/local/squid/bin/ncsa_auth
>>> /usr/local/squid/etc/passwd
>>>
>>> If i am right, the basic program will be proxy_auth?
>>> Also, i don't find any files under /usr/local/squid/bin?
>>
>> Neither does squid. thats why its dying.
>>
>> The examples are based on defaults. If you had --prefix or any of the other file control settings your helper may be elsewhere than the default place.
>> Thing to do now is to find out where they installed too.
>>
>> The configure option --libexecdir=/somewhere if it was set is the directory.
>>
>> The usual places are:
>> /usr/local/squid/bin/
>> /usr/local/bin/squid
>> /usr/bin/squid
>> /usr/bin/squid/bin
>>
>> and also all the above with 'sbin' instead of just 'bin'.
>>
>> Amos
>>
>>>
>>> wbinfo -a sscms\\root%password
>>>
>>> plaintext password authentication failed
>>> error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
>>> error messsage was: No logon servers
>>> Could not authenticate user sscms\root%solaris with plaintext password
>>> challenge/response password authentication failed
>>> error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
>>> error messsage was: No logon servers
>>> Could not authenticate user sscms\root with challenge/response
>>>
>>> Regards,
>>> Avinash
>>>
>>>
>>> On Tue, Oct 14, 2008 at 7:31 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
>>>>>
>>>>> Amos,
>>>>>
>>>>> I was not there when squid was compiled on the server, I am not able
>>>>> to find the configure file for squid.
>>>>
>>>> "squid -v" will list the configure options squid was built with.
>>>>
>>>>> So, will removing squid and reinstalling work?
>>>>
>>>> It will. Though the removal should not be necessary.
>>>> Simply re-building the source with the same location options and finishing
>>>> with a "make install" should work. You need to be careful about using the
>>>> same configure options for folder and file locations though.
>>>>
>>>> Amos
>>>>
>>>>> Regards,
>>>>> Avinash
>>>>>
>>>>>
>>>>> On Fri, Oct 10, 2008 at 2:35 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx>
>>>>> wrote:
>>>>>>
>>>>>> Avinash Rao wrote:
>>>>>>>
>>>>>>> Yes, I built squid myself. i downloaded the files from the squid site
>>>>>>> and installed it.
>>>>>>>
>>>>>>> Are you asking me rebuild squid using these options --enable-auth
>>>>>>> --enable-{auth type}-auth-helpers={helper names}
>>>>>>>
>>>>>>> Ok, let me try this and get back if necessary.
>>>>>>
>>>>>> Check the ones you have already. You may not need a full rebuild.
>>>>>> If the helper you want to use and its auth type are missing then yes you
>>>>>> will have to add hem and rebuild.
>>>>>>
>>>>>> Amos
>>>>>>
>>>>>>>
>>>>>>> Thanks so much for your time.
>>>>>>> Avinash
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Oct 8, 2008 at 4:18 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Avinash Rao wrote:
>>>>>>>>>
>>>>>>>>> I went through the documentation. I need help in installing the
>>>>>>>>> auth_proxy
>>>>>>>>> module. I didn't install squid from Synaptic Manager, i did it
>>>>>>>>> manually!
>>>>>>>>> so,
>>>>>>>>> the helpers directory is missing on my system and i am not able to
>>>>>>>>> find
>>>>>>>>> the
>>>>>>>>> squid authenticators.
>>>>>>>>>
>>>>>>>>> Is there anyway i can get this?
>>>>>>>>>
>>>>>>>> You built squid yourself?
>>>>>>>>
>>>>>>>> Add some configure options to build the helpers and squid auth
>>>>>>>> components:
>>>>>>>>
>>>>>>>> --enable-auth
>>>>>>>> --enable-{auth type}-auth-helpers={helper names}
>>>>>>>>
>>>>>>>> and rebuild.
>>>>>>>>
>>>>>>>> ./configure --help shows the options and how to find out whats
>>>>>>>> available.
>>>>>>>>
>>>>>>>> Amos
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, Oct 2, 2008 at 10:24 AM, Avinash Rao <avinash.aol@xxxxxxxxx
>>>>>>>>> <mailto:avinash.aol@xxxxxxxxx>> wrote:
>>>>>>>>>
>>>>>>>>> thanks and i will check it today.
>>>>>>>>>
>>>>>>>>> On Thu, Oct 2, 2008 at 9:09 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx
>>>>>>>>> <mailto:squid3@xxxxxxxxxxxxx>> wrote:
>>>>>>>>> >
>>>>>>>>> > > Amos,
>>>>>>>>> > >
>>>>>>>>> > > Thank you for the information. I will go through the doc, test
>>>>>>>>> it and get
>>>>>>>>> > > back if necessary.
>>>>>>>>> > > If i wrote my requirement right in my last email, the samba
>>>>>>>>> users can get
>>>>>>>>> > > access to internet only between 18:00 - 20:00 Hrs everyday.
>>>>>>>>> >
>>>>>>>>> > Ah, sorry. you wrote it right. I read it wrong.
>>>>>>>>> >
>>>>>>>>> > The http_access line should be:
>>>>>>>>> > http_access deny !deadHours sambaUsers
>>>>>>>>> >
>>>>>>>>> > and the name makes better sense being okayHours instead of
>>>>>>>>> deadHours.
>>>>>>>>> >
>>>>>>>>> > Amos
>>>>>>>>> >
>>>>>>>>> > >
>>>>>>>>> > > Thanks again
>>>>>>>>> > > Avinash
>>>>>>>>> > >
>>>>>>>>> > > On Thu, Oct 2, 2008 at 7:42 AM, Amos Jeffries
>>>>>>>>> <squid3@xxxxxxxxxxxxx <mailto:squid3@xxxxxxxxxxxxx>>
>>>>>>>>> > > wrote:
>>>>>>>>> > >
>>>>>>>>> > >> > Hi all,
>>>>>>>>> > >> >
>>>>>>>>> > >> > I have configured the latest version of squid on Ubuntu
>>>>>>>>> Studio 8.0 -
>>>>>>>>> > >> > AMD 64bit. I have also configured samba.
>>>>>>>>> > >> > I am in need of blocking the samba users from accessing the
>>>>>>>>> internet
>>>>>>>>> > >> > anytime except 18:00 - 20:00 Hrs everyday. How do i do
>>>>>>>>> this?
>>>>>>>>> > >> > The samba is configured as a PDC with WinXP clients.
>>>>>>>>> > >> >
>>>>>>>>> > >>
>>>>>>>>> > >> Standard samba config.
>>>>>>>>> > >> http://wiki.squid-cache.org/SquidFaq/ProxyAuthentication
>>>>>>>>> > >>
>>>>>>>>> > >> Then this at the appropriate place of your config:
>>>>>>>>> > >>
>>>>>>>>> > >> acl sambaUsers proxy_auth REQUIRED
>>>>>>>>> > >> acl deadHours time 18:00-20:00
>>>>>>>>> > >> http_access deny deadHours sambaUsers
>>>>>>>>> > >>
>>>>>>>>> > >>
>>>>>>>>> > >> Amos
>>>>>>>>> > >>
>>>>>>>>> > >>
>>>>>>>>> > >
>>>>>>>>> >
>>>>>>>>> >
>>>>>>>>>
>>>>>>>>>
>>>>>>>> --
>>>>>>>> Please use Squid 2.7.STABLE4 or 3.0.STABLE9
>>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Please use Squid 2.7.STABLE4 or 3.0.STABLE9
>>>>>>
>>>>
>>>>
>>
>>
>> --
>> Please use Squid 2.7.STABLE4 or 3.0.STABLE9
>
