Re: Squid3 and authenticating users SASL/MYSQL

Simon Brereton wrote:
-----Original Message-----
From: Amos Jeffries Sent: Friday, April 30, 2010 1:26 AM


my squid.conf looks like this:

1742 auth_param basic program /usr/lib/squid3/sasl_auth /etc/postfix/sasl/smtpd.conf

Does it actually need the config file listed? My understanding was that placing it in /usr/lib/sasl caused SASL to load it automatically as needed.
Interesting - part of the problem I guess is that I didn't really
understand the sasl mech when I set it up - and I can't really
remember what I did.  I only have .h and .c files in /usr/lib/sasl -
after a bit of looking I found a file at /etc/default/saslauth that
seems to list the config options for sasl.  What I don't seem to be
able to do at the moment is to tell /usr/lib/squid3/sasl_auth where
or to do what it needs to do.  (The file /etc/postfix/sasl/smtpd.conf
tells saslauth what query to run on the DB to compare credentials.)
I'll keep trying.

Perhaps Ralf can help - since I largely set up SASL with his and Patrick's help *wave*

Trying /usr/sbin/squid3 from the commandline with -d9 -N gives me too much information although I'm trying now to trap it and see, but having spent 48 hours to get this far, I thought I'd ask. It's probably as simple as fixing line 1742, but I'd appreciate any pointers in doing that.

If this way gets too much there are two other helpers which may be an option for you:
  POP3 helper (squid tries to use the credentials to login to the POP server and uses the success/fail result from that).
  DB helper (Squid passes an SQL query direct to the MySQL database. Using the success/fail of that as the result)
Frankly, either would be fine..  In fact, that's all that SASL is
doing.  The only reason I went for SASL was because it was the only
thing I could find that seemed relevant to my system.  MYSQL would be
more than adequate since it removes the middle-man..  However, I
don't find documentation on this.  Can you point me to some?
I found this: http://www.squid-cache.org/Versions/v3/HEAD/manuals/basic_db_auth but I can't find
db_auth.pl on my system so I don't know what to put for the
auth_param basic program..
That manual you found is pretty much the entire documentation for
the DB helper. It does not mention that the --cond parameter can take
a whole string of complex conditions if it's quoted with "".

Luckily that latter is a perl script. I have a temporary copy here:
http://treenet.co.nz/projects/squid/src/helpers/basic_auth/DB/basic_db_auth.in

Just needs:
  alter the @PERL@ in the first line
  remove the file extension.
  chmod / chown to the squid user with read/execute privileges.
  configure squid.conf

Forgive me for being an idiot.  Sometimes what's clear to the person who wrote something is a complete black box to someone trying to use it (and I disclose I'm not techie, just a geek).

That manual page doesn't say where these options should go. I presume on the command line (i.e. immediately following /usr/lib/squid3/basic_db_auth) as in /usr/lib/squid3/basic_db_auth --dsn=Mail --table=Accounts, etc.

Yes.


But is it --dsn=Mail or --dsn Mail (both are common in *nix world..)


I use a space between the option and quote the values like so:

 --dsn "DBI:mysql:foo:database=ex"

have not really tested the = way though.

Also, could I put my args in a file (say /etc/squid3/dbauth) and just have:

/usr/lib/squid3/basic_db_auth /etc/squid3/dbauth


Not as far as I know. Though you could make a wrapper shell script that runs the command and use that script in your squid.conf instead.


Finally, I opted for editing basic_db_auth (I would have opened it up even if I didn't need to change the @PERL@ and when I saw the my options in there, I figured that would be easiest route).  However - and this may not be related, I'm getting a seg fault.


If you really want to go that way, the "my" bit is only their definition. Options are set later on after the documentation text.


donald:~# /etc/init.d/squid3 start
Starting Squid HTTP Proxy 3.0: squid32010/04/30 15:19:31.080| Processing: 'log_fqdn on'
2010/04/30 15:19:31.080| Processing: 'dns_nameservers 127.0.0.1 8.8.8.8'
2010/04/30 15:19:31.080| Processing: 'auth_param basic program /usr/lib/squid3/libexec/basic_db_auth '
2010/04/30 15:19:31.080| storeDirWriteCleanLogs: Starting...
2010/04/30 15:19:31.080| file_open: FD 5
/etc/init.d/squid3: line 32: 19094 Segmentation fault      start-stop-daemon --quiet --start --pidfile $PIDFILE --exec $DAEMON -- $SQUID_ARGS </dev/null
 failed!


I'd guess the "helper crashing too fast" which happens when the helpers die on their own startup.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.1
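
The wrapper-script approach suggested in the reply above, as an added example that is not part of the original thread or the Squid project's code. The wrapper name `dbauth-wrapper`, the `option=value` file format and the helper location are assumptions; the option names are the helper's `--dsn`, `--user`, `--password`, `--table`, `--usercol`, `--passwdcol` and `--cond`.

```shell
#!/bin/sh
# Added example (not from the thread): wrapper for Squid's basic_db_auth helper.
# HELPER's location, CONF's "option=value" format and the script name are assumptions.
HELPER=${HELPER:-/usr/lib/squid3/basic_db_auth}
CONF=${CONF:-/etc/squid3/dbauth}

# True only if "other" users have no access to the file (it holds the DB password).
conf_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c8-10)" = "---" ]
}

# Print one helper argument per line: "--option", then its value kept whole,
# so a multi-word --cond value reaches the helper as a single argument.
# Error messages never echo the offending line, which may contain the password.
conf_to_args() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
            *=*) ;;
            *) echo "dbauth: line is not option=value" >&2; return 1 ;;
        esac
        key=${line%%=*}     # text before the first "="
        val=${line#*=}      # everything after it; may itself contain "="
        case "$key" in
            dsn|user|password|table|usercol|passwdcol|cond) ;;
            *) echo "dbauth: unknown option '$key'" >&2; return 1 ;;
        esac
        [ -n "$val" ] || { echo "dbauth: empty value for '$key'" >&2; return 1; }
        printf '%s\n%s\n' "--$key" "$val"
    done < "$1"
}

main() {
    conf_is_private "$CONF" || { echo "dbauth: $CONF is accessible to other users" >&2; exit 1; }
    args=$(conf_to_args "$CONF") && [ -n "$args" ] || exit 1
    set --
    while IFS= read -r arg; do
        set -- "$@" "$arg"
    done <<EOF
$args
EOF
    # exec keeps Squid's stdin/stdout attached to the helper itself.
    exec "$HELPER" "$@"
}

# Run only when installed under this (assumed) name; otherwise just define the functions.
case "$0" in
    */dbauth-wrapper) main ;;
esac
```

With this in place, the `auth_param basic program` line names only the wrapper. The helper still receives the database password as a command-line argument, so it stays visible in process listings on the proxy host.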
