On 13-09-2012 14:55, Eliezer Croitoru wrote:
> On 9/13/2012 5:58 PM, Marcio Merlone wrote:
>> Sep 13 10:01:57 (pam_auth): pam_unix(squid:auth): authentication
>> failure; logname= uid=13 euid=13 tty= ruser= rhost= user=marcio.merlone
>> Sep 13 10:01:57 kernel: [ 711.170108] squid3[11856]: segfault at 40 ip
>> 00007f2aae7c43b7 sp 00007fff9910f6e0 error 4 in
>> squid3[7f2aae5e3000+2ef000]
>> Sep 13 10:01:57 kernel: [ 711.358552] init: squid3 main process (11856)
>> killed by SEGV signal
>> Sep 13 10:01:57 kernel: [ 711.358653] init: squid3 main process ended,
>> respawning
> and add the squid.conf (removing sensitive data such as passwords)
auth_param basic program /usr/lib/squid3/basic_pam_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl SENHA proxy_auth REQUIRED
external_acl_type grupoPosix ttl=300 %LOGIN /usr/lib/squid3/squid_unix_group -p
acl GP_TI external grupoPosix ti
acl xxx_tld dstdomain .xxx
acl SITES_NONE url_regex -i "/etc/squid3/sites_none"
acl SITES_NONE_WORD url_regex -i "/etc/squid3/sites_none_word"
acl soft_updates url_regex -i "/etc/squid3/soft_updates"
acl server_updates url_regex -i "/etc/squid3/server_updates"
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow server_updates
http_access allow soft_updates
http_access deny bad_users
http_access deny SITES_NONE
http_access deny SITES_NONE_WORD !GP_VIP !GP_TI
http_access deny xxx_tld
http_access allow SENHA GP_TI
http_access allow localhost
http_access deny all
http_port 3128
cache_dir ufs /var/spool/squid3 20000 16 256
(Trimmed some repetitive fat regarding other groups and some irrelevant defaults, not just comments)
In short, if I replace
http_access allow SENHA GP_TI
by
http_access allow SENHA
while keeping external_acl_type uncommented it works fine.
> If you are looking for a package I have RPM for fedora\centos\redhat
> but not DEB for debian\ubuntu.
hhhmmm.... sounds tempting. Alien could be of use for a rpm package.
> I would suggest you try a couple of times to compile your own squid if
> you have a specific list of needs.
Not much besides external_acl_type. I am a lazy admin with 3 servers
with exact same conf, just need to keep the most on shared DB - either
LDAP or posix system calls for group membership - squid_unix_group or
squid_ldap_group would do.
> We can try to help you figure out some basics and to move on from there.
> What exactly do you need? LDAP or PAM?
See above. PAM is required for auth, LDAP is not needed if
squid_unix_group works - pam_ldap is working fine for users and auth.
Compiled latest source squid-3.2.1.tar.gz as per Ubuntu docs like this:
./configure --prefix=/usr \
--localstatedir=/var \
--libexecdir=/usr/lib/squid3 \
--srcdir=. \
--datadir=/usr/share/squid3 \
--sysconfdir=/etc/squid3 \
--disable-ipv6 \
--enable-auth-basic="PAM"
make all && make install
Could not yet test the results, will post here when done. I'll be glad
if you can advance some tips.
Thanks a lot and best regards.
--
*Marcio Merlone*
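
The `external_acl_type grupoPosix ... %LOGIN` line in the configuration above hands each login and the ACL's group names to a helper that answers OK or ERR. The following stand-in helper is an added example, not part of the thread and not Squid's or squid_unix_group's code; it can be used to exercise that line independently of the packaged helper. It assumes the default helper line format (URL-encoded login followed by group names, one reply per line), and the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Stand-in external ACL helper: answers OK/ERR for "<login> <group>..." lines."""
import grp
import pwd
import sys
from urllib.parse import unquote


def system_groups(user):
    """Return (supplementary group names, primary group name) from NSS."""
    try:
        primary = grp.getgrgid(pwd.getpwnam(user).pw_gid).gr_name
    except KeyError:
        primary = None  # unknown user, or a gid with no group entry
    members = {g.gr_name for g in grp.getgrall() if user in g.gr_mem}
    return members, primary


def answer(line, lookup=system_groups, check_primary=True):
    """Decide one request line, e.g. "marcio.merlone ti" (constructed sample).

    Never raises: an unhandled exception would kill the helper process.
    check_primary mirrors the -p option used in the posted squid.conf.
    """
    fields = [unquote(f) for f in line.split()]
    if len(fields) < 2:
        return "ERR"  # need a login and at least one group name
    user, wanted = fields[0], set(fields[1:])
    try:
        members, primary = lookup(user)
    except Exception:
        return "ERR"  # fail closed when the lookup itself fails
    if check_primary and primary:
        members = members | {primary}
    return "OK" if members & wanted else "ERR"


if __name__ == "__main__":
    for request in sys.stdin:
        sys.stdout.write(answer(request) + "\n")
        sys.stdout.flush()  # Squid reads one reply line per request
```

Run by hand, it reads request lines on stdin, which makes it easy to confirm the group lookup through pam_ldap/NSS before pointing Squid at it.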